So for years, I've been able to go into my company office, sign in to my computer, and access "on-premises" company resources such as network fileshares and internal web applications using my 'logged-on identity' from my initial Windows sign-in. Let's say for the sake of discussion that I understand how that works.
In more recent years, I've also been able to go into my company office, sign in to my computer, and then also access web applications hosted on the wider internet, or 'the cloud' - i.e. not on premise - sometimes still 'transparently', using my 'logged-on identity', or sometimes still with having to type in a username and PW, but that username and PW being the same as my organisational login. Or I can even log in from my home computer using those same organisational credentials (maybe with some second authentication factor, like having to verify a code on my mobile phone).
So my question is - through what mechanism - or mechanisms - is that made to work? E.g. does the cloud application need to be 'joined' to my organisation's on-premise AD in some way? Or can I only see this working because my organisation has moved their AD itself into the cloud?
I appreciate that there may be one specific way this is done, but I suspect there aren't more than a few basic models of how this works, so I hope this question isn't too broad.