Context based conditional access for cloud services

What is claimed is: 1. A method comprising: receiving a first authentication factor for a user in a single sign-on system, the single sign-on system to provide access to a plurality of cloud services; receiving, from a user device over a network, a request to access a cloud service of the plurality of cloud services, the user having a plurality of user accounts for the cloud service, wherein each user account has independent access credentials associated with the account; determining a context of the request to include a type of information to be sent to or received from the cloud service as a result of the request; comparing, by a processing device, the context of the request to an access policy for the single sign-on system; automatically determining a first user account of the plurality of user accounts for the cloud service based on the context of the request and the access policy; and granting the user conditional access to the cloud service using the associated access credential for the first user account, wherein granting conditional access comprises requesting a second authentication factor for the user before granting full access to the cloud service. 2. The method of claim 1 , wherein the second authentication factor comprises at least one of a password, a pin, a pattern, a security token, a one-time password, or a biometric. 3. The method of claim 1 , wherein the second authentication factor is requested in response to a request from the user device for confidential information from the cloud service. 4. The method of claim 1 , wherein the plurality of user accounts comprises a personal account and a corporate account, both associated with the user. 5. The method of claim 1 , wherein the context of the request is further determined to comprise an identity of the user, a type of the user device, a type of network over which the request is received, or a type of information requested from the cloud service. 6. The method of claim 1 , wherein a cloud service access and information gateway determines the context of the request and compares the context to the access policy. 7. The method of claim 1 , wherein the access policy specifies whether to request a second authentication factor and which of a plurality of user accounts to use based on the context of the request. 8. A system, comprising: a memory; and a processing device coupled with the memory to: receive a first authentication factor for a user in a single sign-on system, the single sign-on system to provide access to a plurality of cloud services; receive, from a user device over a network, a request to access a cloud service of the plurality of cloud services, the user having a plurality of user accounts for the cloud service, wherein each user account has independent access credentials associated with the account; determine a context of the request to include a type of information to be sent to or received from the cloud service as a result of the request; compare the context of the request to an access policy for the single sign-on system; automatically determine a first user account of the plurality of user accounts for the cloud service based on the context of the request and the access policy; and grant the user conditional access to the cloud service using the associated access credential for the first user account, wherein granting conditional access comprises requesting a second authentication factor for the user before granting full access to the cloud service. 9. The system of claim 8 , wherein the second authentication factor comprises at least one of a password, a pin, a pattern, a security token, a one-time password, or a biometric. 10. The system of claim 8 , wherein the second authentication factor is requested in response to a request from the user device for confidential information from the cloud service. 11. The system of claim 8 , wherein the plurality of user accounts comprises a personal account and a corporate account, both associated with the user. 12. The system of claim 8 , wherein the context of the request is further determined to comprise an identity of the user, a type of the user device, a type of network over which the request is received, or a type of information requested from the cloud service. 13. The system of claim 8 , wherein a cloud service access and information gateway determines the context of the request and compares the context to the access policy. 14. The system of claim 8 , wherein the access policy specifies whether to request a second authentication factor and which of a plurality of user accounts to use based on the context of the request. 15. A non-transitory computer readable storage medium including instructions that, when executed by a processor, cause the processor to perform operations comprising: receiving a first authentication factor for a user in a single sign-on system, the single sign-on system to provide access to a plurality of cloud services; receiving, from a user device over a network, a request to access a cloud service of the plurality of cloud services, the user having a plurality of user accounts for the cloud service, wherein each user account has independent access credentials associated with the account; determining a context of the request to include a type of information to be sent to or received from the cloud service as a result of the request; comparing, by a processing device, the context of the request to an access policy for the single sign-on system; automatically determining a first user account of the plurality of user accounts for the cloud service based on the context of the request and the access policy; and granting the user conditional access to the cloud service using the associated access credential for the first user account, wherein granting conditional access comprises requesting a second authentication factor for the user before granting full access to the cloud service. 16. The non-transitory computer readable storage medium of claim 15 , wherein the second authentication factor comprises at least one of a password, a pin, a pattern, a security token, a one-time password, or a biometric. 17. The non-transitory computer readable storage medium of claim 15 , wherein the second authentication factor is requested in response to a request from the user device for confidential information from the cloud service. 18. The non-transitory computer readable storage medium of claim 15 , wherein the plurality of user accounts comprises a personal account and a corporate account, both associated with the user. 19. The non-transitory computer readable storage medium of claim 15 , wherein the context of the request is further determined to comprise an identity of the user, a type of the user device, a type of network over which the request is received, or a type of information requested from the cloud service. 20. The non-transitory computer readable storage medium of claim 15 , wherein a cloud service access and information gateway determines the context of the request and compares the context to the access policy. 21. The non-transitory computer readable storage medium of claim 15 , wherein the access policy specifies whether to request a second authentication factor and which of a plurality of user accounts to use based on the context of the request.