I'd like to hear how people have solved single sign-on for SaaS websites, for integration in a company intranet.<p>The problem: Creating a seamless experience for the user (no extra login screen) while still having the external website authorize/authenticate the user.<p>On one hand, you could have a "company password", and the link to the external site posts company password + the specific user id. This is easy to set up (using their email as user id, and the internal cms includes that in the form submission) and doesn't require any additional services, just using the https connection that's already there.<p>On the other hand, you could do some AD integration. Not sure about the specific details here, but it could be a more solid, secure solution. More work would be required for this.
This would also provide for easier maintenance of user accounts (adding/removing users).<p>I'm sure there are several solutions in between. Which approach would you take if you were to integrate a SaaS website into a corporate intranet? Which solution would be best, with regards to 1) security and 2) ease of setting up and maintaining ?