An enterprise-wide OpenID Connect provider that implements the OpenID Connect and OAuth 2.0 protocols.

Different literature uses different terms for the same role: you will probably also find security token service, identity provider, authorization server, IP-STS and more. In a nutshell, they are all the same: a piece of software that issues security tokens to clients.

It enables you to provide:

Authentication as a Service

Centralized login logic and workflow for all of your applications (web, native, mobile, services).


Single Sign-on / Sign-out

Single sign-on (and out) over multiple application types.


Access Control for APIs

Issue access tokens for APIs for various types of clients, e.g. server to server, web applications, SPAs and native/mobile apps.


Federation Gateway

Can be configured to support external identity providers like Azure Active Directory, Google, Facebook etc. This shields your applications from the details of how to connect to these external providers.