Azure Active Directory is Microsoft’s multi-tenant, cloud-based directory and identity management service. For an organization, Azure AD helps employees sign up to multiple services and access them anywhere over the cloud with a single set of login credentials. In this integration, we have used AAD as an IdP to authenticate and passthrough the AAD credentials into ChromeOS devices, and further to access the published apps and desktops. 

AAD as IdP is also used as Single Sign-On (SSO) with Google Admin Console as Servce Provider(SP). It is a process that allows pre-authenticated users to access published Virtual applications and Desktops without having to enter the username or password again. 

SSO is a common procedure in enterprises where a user logs in once and gains access to different applications/Desktops without the need to re-enter log-in credentials for accessing each resource. SSO authentication facilitates seamless network resource usage. SSO mechanisms vary depending on the application type.