Cloud identities are served by an Identity Provider (IdP).
Identity providers normally issue one type of identity, based on a particular standard format or protocol, such as SAML or OpenID.
A user must be authenticated before they can access their identity, and the IdP may only support username /password. However, advanced IdPs support authentication methods that are more convenient or familiar, such as the user's social networking authentication system, or those that involve high security, such as X509 certificates on smartcards or other out-of-band methods like SMS text messages or voice biometrics.