In companies with Federated Identity set up, users can sign into Office 365 services using their Active Directory credentials. The corporate Active Directory authenticates the users, and stores and controls the password policy.
With federated Identity, credentials are authenticated by on premises Active Directory Federation Services server and a logon token is obtained by the user so that the Office 365 sign-in service can verify them
To learn about the the major components of Identity Federation together with the data flow that occurs during Identity Federation logon from a client that is accessing Office 365 from the Internet see this diagram:
- Identify Yourself – One or Two Passwords? – link
- Office 365 Single Sign-On with AD FS 2.0 whitepaper – link
- Can I use UAG? – link