I am a small time internet hosted app (SAAS) developer, when I launch I expect most of my customers will authenticate (login) to my application using the standard email + password technique.
However I would like to offer a better single sign-on option for larger customers who will have ready-made communities of potential users of my system. Such communities will often be running Windows desktops that are already authenticated against an in-house corporate Windows domain controller.
I am looking for some option to enhance my web site user authentication process and trust or delegate to the customer's domain authentication. I would be very much the junior partner in any such integration so I doubt a large corporate is going to allow me to run a satellite domain controller hooked to their system. The economics of the SAAS app won't allow for hardware VPN circuits.
The Azure cloud will probably be used to host my SAAS app if that helps clarify the options.