The Federated Identity Credentials system is designed to minimize the number of times a user will have to hand over their secure credential information. The idea is that the end user only needs to log into one service to begin their session. After the initial login they are then allowed to log into other services without handing over their secure login credentials and certificates. When initially logging in with a Microsoft Entra service, the user will be issued a token. That token will be valid for every service that supports the Microsoft Entra API.