Try going to login.microsoftonline.com which has both a username and a password field and then type "alpha@bristol.ac.uk" into the username field and TAB out (this is not a real username by the way). You'll be redirected to the Bristol version of the sign-in page and get to see a nice picture of their university tower.
On gmail, once you've entered your e-mail address, if it's from a computer it recognises (some combination of cookies and IP address) then the password page will show your avatar, if it's from an unknown computer it won't. I guess this provides a very small signal that can be helpful in detecting phishing.
Two-step login is just a way of getting a branded experience in front of the user as soon as possible, nothing more. It is neither necessary nor indicative of SSO (which you have described correctly.)
1) Perhaps testing reveals that some users are pushed away by the complexity of being confronted with two fields at the same time, and these users are more likely to successfully login presented with only one field at a time.
2) Perhaps there is some actual good security reason for it.
3) Perhaps there is some bad security reason for it. First example, lots of sites appear to express a belief that password managers are evil, and that users must be forced by increasingly obstinate means to type each long detailed robust password one single character at a time. Maybe this is simply an extension of that somehow.
4) Perhaps a security standard somewhere was devised that for some reason (good or bad) demanded this behavior; then it has been copied across the industry ever since.
I can't seem to grasp the concept, or what makes it more secure to have one password for all your passwords and/or to store all your login credentials on someone else's computer.
If that is true the world is doomed. Giant Meteor 2016
I don't buy it.
Also, if asking one question at a time adds a % or two to the user base of something as big as Google, then that's a lot of new users.
Both Netflix and Slack does this.
They appear to distinguish two types of accounts ('Live ID' type accounts for personal use, and 'Work' accounts) and it is possible for a single e-mail address to refer to both. When I enter my work email, I get to choose between 'use my work account' (which exists in Azure AD) and 'use my personal account' (which some years ago I registered as Live ID), then get the password prompt.
Actually their implementation is a bit annoying, because the password field in some cases is already visible before the choice between personal/work is presented - as soon as you tab out of the username field, you get the choice and you have to type your password afterwards.
It's better if you don't remember which email you used to signup, as it validates it right away without you having to enter the password, so you can make multiple attempts more quickly.
It somewhat looks better because after you've entered your email they can show your profile picture.
On Chrome at least, autocomplete still works, so you don't have to enter your password manually if you have it saved. I don't know if other browsers (or even Chrome on certain websites) might get confused if username and passwords aren't together.
It makes it seem easier to login. Having to fill 1 field twice feels better than having to fill 2 fields once (in my opinion, at least).
For them it makes sense. Since a long time ago, they've had a feature where you use your custom authentication service to sign in (think: on site Kerberos instance).
For example at school the form would show both email and password fields, but I would enter only my school email into the username and then it would redirect me to to my school's centralized login.
So now instead of mistakenly showing the password field sometimes, they only show it when necessary.
As for Microsoft's login, authenticating users can belong to some Azure Active Directory or Office 365 for Business etc., so Microsoft decides which backend to authenticate users against.
We changed it so that they enter their email first, then we detect whether we have that email in our db, and direct them to the appropriate next step (either a sign up form as a new user, or a password field for an existing user).
