I received this in my Inbox from @paulgreeniamcloud
I'm one of the identity specialists at IAM Cloud. You're right in thinking that the solution contacts Active Directory, but only to periodically (every 2 hours) refresh the information which is sync's to the IAM Cloud hosted directory, from which authentication requests are performed. That means the school/organisation's directory/Internet connection can be completely unavailable but authentication can still happen, so long as IAM Cloud's service is available. Although the identity sync is two-hourly, password resets are immediate. All this is done with virtually no on-premises component: only a password filter is needed to be installed on each domain controller for password transmission.
To make the service as resilient as possible, we provide multiple servers for every mission-critical aspect of the solution (so multiple directory/federation servers), and for added resilience, load balance the solution geographically by hosting it in two Azure data centres, but ensure data never leaves a geographic region: i.e. European customers have data hosted in, and which never leaves Europe.
Please contact me privately or log a 'contact us' request on the website if you'd like some more information; the cost for education is typically under £2000 for all students, including set up, customisation and support for both the hosted identity and SSO service. We're UK-headquartered and me and my colleagues would be delighted to explain more about the solution.