A virtual environment service provider may provide a virtual, cloud-based environment for a user to access various services via a user agent (e.g., a web browser, software application, mobile app, etc.). The virtual environment service provider may also provide identity management. For instance, in the virtual, cloud-based environment, the virtual environment service provider may issue a user of the user agent a security token service (STS) identity for use in interacting with its various services. The STS identity is commonly referred to as an “authentication token” or simply a “token.” This token may be used to establish identity to various service providers to establish the individual's access right, “authorization,” to the service. As virtual environment service providers push to expand their services, they may also attempt to add support, in the virtual, cloud-based environment, for services provided by other entities. Because the user's STS identity is specific to the virtual environment service provider, the STS identity might not be sufficient to permit use of or access to services provided by these other entities. As a result, virtual environment service providers might not be able to provide users access to services from different entities.