Step 2. Set up Single Sign-On
Workspace 365/Office 365 administrators are able to enable Single Sign-On (SSO) for their Workspace 365 environment, which helps to decrease login procedures for Workspace 365 users. The recommended setup for Single Sign On is oAuth2.
oAuth2 is an open standard for authorization, commonly used as a way for internet users to log in to third-party websites using their Microsoft, Google, Facebook, etc. accounts without exposing their password. Generally, oAuth2 provides clients with "secure delegated access" to server resources on behalf of a resource owner.
With configuration of oAuth2 in Workspace 365, you can sign in to Workspace 365 via your current federation and you are able to use MFA, also called 2 Factor Authentication (2FA) or Multi-factor Authentication (MFA).
To set up Single Sign-On automatically, choose the "Automatic setup". Workspace 365 will create an Azure AD application with the permissions for integrations you will grant, such as Exchange or SharePoint.