Appshare on customer nodes (Local or Cloud) can use external identity providers to single sign on with openid connect. This is not possible on the public service, because Appshare must receive customer specific identity provider information to redirect the user. Single Sign On is implemented through OAUth 2.0 Authorization Code with Proof Key for Code Exchange
Which identity providers can be used depends on which customer services are used. A customer service must implement the OAuth Access tokens to protect its resources. Appshare will pass the Access Token from the identity provider to the customer service.