FIM provides a way to connect identity management systems when user information is stored with a third-party identity provider (IdP). With FIM, the user provides authentication information only to the IdP, which in turn already has a trusted relationship with the service.

As illustrated in the following diagram, when a user logs in to access a service, the service provider (SP) gets credentials from the IdP, rather than getting them directly from the user: 



SSO lets a user sign in once and then access multiple services. Here, an SP could be the environment you want to log in to, for example, a Customer Relationship Management (CRM) application or your cloud application. An IdP could be a corporate AD. Federation allows something similar to SSO without a password, as the federation server knows the users and their access information.
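The flow described above, as an added sketch that is not taken from the book: the IdP checks the password and issues a signed assertion, and the SP accepts the user only after validating that assertion. The names `TRUST_KEY`, `SP_ID`, `idp_login` and `sp_accept` are hypothetical, and a shared HMAC key stands in for the IdP-to-SP trust relationship, which real federations usually build on the IdP's asymmetric signing key.

```python
import base64, hashlib, hmac, json, time

# Constructed trust material: stands in for the pre-established IdP<->SP trust.
TRUST_KEY = b"constructed-demo-key-not-for-production"
SP_ID = "crm.example.test"  # hypothetical SP identifier
_IDP_USERS = {"alice": "correct horse"}  # constructed IdP directory, never shared with the SP


def idp_login(user, password, audience, now=None, ttl=300):
    """IdP side: authenticate the user, then issue a signed assertion for one SP."""
    stored = _IDP_USERS.get(user)
    if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
        return None
    now = int(time.time()) if now is None else now
    body = base64.urlsafe_b64encode(json.dumps(
        {"sub": user, "aud": audience, "exp": now + ttl}).encode())
    sig = hmac.new(TRUST_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + sig


def sp_accept(assertion, now=None):
    """SP side: never sees the password; trusts only a valid IdP assertion."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = assertion.rsplit(b".", 1)
    except (AttributeError, ValueError):
        return None  # missing or malformed assertion
    expected = hmac.new(TRUST_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, sig):
        return None  # not issued by the trusted IdP, or modified in transit
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    if claims.get("aud") != SP_ID:
        return None  # issued for a different service
    if claims.get("exp", 0) <= now:
        return None  # expired
    return claims["sub"]
```

The SP rejects an assertion that fails any one of the three checks (signature, audience, expiry), so an assertion issued for another service or captured after it expired does not log the user in.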

There are various techniques available to implement FIM and SSO. Let's look at some of the popular Identity and Access Management (IAM) choices available.
