Integrating with AD for authentication of users to an external service in the cloud isn't that difficult - I've seen a number of approaches work although I must admit I've never actually seen the "official" approach of Active Directory Federation Services (ADFS) in action:

http://en.wikipedia.org/wiki/Active_Directory_Federation_Ser...