Q: What authentication options do I have for SharePoint Online?

A: When deciding on an Office 365 plan, you also need to consider how your organization's end users are going to access their new SaaS offering. Identity management and authentication is a comprehensive topic whose nuances are outside the scope of this handbook, but the following general information will help you get started. For SharePoint Online, Microsoft offers three types of authentication mechanism:

Microsoft Online Services IDs

Microsoft Online Services accounts can be created within Microsoft Office 365 and are used for end-user authentication. This is the simplest option because the accounts are brand new, but it can confuse your end users, since they now have an additional account and password pair to remember.

Microsoft Online Services IDs can be created manually through the browser-based interface, via file import or script, or by using the Active Directory synchronization tool, which propagates your on-premises end users into Office 365. Note that this last approach only creates a copy of your end users' on-premises accounts; they will still need to remember the new password, even though the logon credential appears to be the same.

Microsoft Windows Live IDs

SharePoint Online also allows the use of Windows Live IDs to access the environment. This is ideal for external users and allows organizations to essentially create collaborative extranet environments. All the end user needs is their personal Windows Live ID or a Microsoft Online ID from another tenant, and your organization can grant them direct access to a site collection.

There are functional, licensing, and cost caveats, so be sure to research whether this authentication mechanism is a viable option for your organization.

ADFS 2.0 and SSO

To create single sign-on between your on-premises domain and Office 365, you will need to employ Active Directory Federation Services (ADFS 2.0). ADFS is a core Microsoft service that lets you federate your on-premises identities with Office 365, so that the same credentials are used across both systems and end users don't need to remember different passwords. Note that implementing ADFS requires additional on-premises resources, since the setup can range from single-server to multi-server, multi-site deployments depending on the size and setup of the organization. Although this is the most elegant authentication solution, it is also technically complex and needs to be handled with due diligence and care.
