This document discusses using federated identity management with Azure AppFabric Access Control Service (ACS) and Windows Identity Foundation (WIF) for single sign-on in software as a service applications. The solution allows leveraging popular identity providers like Google and Yahoo for authentication while avoiding the need to manage user accounts. ACS acts as an aggregator between identity providers and relying parties. WIF is used to integrate applications with ACS and manage claims. The approach favors proven security standards over custom code and avoids storing sensitive user data.