Workspace 365/Office 365 administrators are able to enable Single Sign-On(SSO) for their Workspace 365 environment, which helps decreasing login procedures for Workspace users. There are three Single Sign-On options. 

• None
• Web Services Federation
• oAuth2 (recommended)

None

By default there is no Single Sign-On method configured. In this way, Workspace 365 has an own username and password per user.

Web Services Federation

With Web Services Federation (WS-Federation or WS-Fed), you can set up a Federation with an ADFS and/or Azure. In this way the user does not directly sign in to Workspace 365 but via the federation application/server. In most cases this is Azure. This federation is based on the Web Services Federation protocol. For a detailed description about this protocol click here.

OAuth2

OAuth2 is an open standard for authorization, commonly used as a way for internet users to log in to third-party websites using their Microsoft, Google, Facebook, etc. accounts without exposing their password. Generally, oAuth2 provides to clients "secure delegated access" to server resources on behalf of a resource owner.

For a detailed description about this protocol click here.

With configuration of oAuth2 in Workspace 365, you can sign in to Workspace via your current federation and you are able to use MFA, also called 2 Factor Authentication(2FA) or MultiFactor Authentication(MFA).