The only thing I can think of is creating autologon deeplink in the main application and using the user credentials from all the multiple domains to retrieve that deeplink with the entered credentials and then redirect to that autologon deeplink. But that means that you have to create for each sub domain some kind of mini website with the right styling and Javascript to call this REST service. This way you do not store any credentials on the subdomains and still be able to redirect and login the user on the public cloud.
Regards,
Ronald