An application listed in the Google Apps Marketplace comprises a number of extensions. These extensions can include universal navigation links and OpenID realms. If an application specifies an OpenID realm extension and a user logs in to the application via a URL that matches the specified realm, then the user is logged in via Single Sign-On using his Google Apps credentials and does not see the traditional OpenID authorization screen.

When a user logs in via this method, the web site has access to information, including name and email address, about that user.

To see which OpenID realms are specified by an application, open that application's Settings page in the Google Admin console.

Google Apps for Business and Education: Regardless of whether you have enabled or disabled OpenID for your domain (Advanced tools > Authentication in the classic Admin console or Dashboard > Security > Advanced settings in the new Admin console), if an application identifies OpenID realms, then your users can log in to the application via those realms. In this case, the whitelisting of the realm overrides the OpenID settings in the Admin console, and the realm is whitelisted under all circumstances.