Toggle navigationAirlock Secure Access HubAbout this documentAbout Airlock Gateway Release notesGetting startedGeneral warnings and recommendationsBasic conceptsREST API based configuration and administrationConfiguration Center (GUI)Configuration examples and guidesIntegration of 3rd-party products and applicationsControl APIHeader-based session trackingCSRF protection for SPAsICAP configurationJWKS providers configurationGraphQL integrationLet’s Encrypt as certificate providerThreat intelligenceMicrosoft integrationPublishing Microsoft Exchange 2016Publishing Microsoft Exchange 2019Publishing Microsoft SharePoint 2016Publishing Microsoft SharePoint 2019Publishing Microsoft WebDAVKerberos integrationRequirementsAbout Back-side Kerberos SSOSingle domain setupCross-domain setupLimitationsPrepare Kerberos for Airlock Gateway integrationActive Directory configurationSystem user for Kerberos constrained delegationCreate a system userEnable Kerberos constrained delegation for the system userAllow Kerberos constrained delegation in a cross-domain setupAirlock Gateway configurationAirlock IAM configurationAdvanced SetupTips for troubleshootingOperation tasksReference documentationExpert settings collectionTips for troubleshootingIntegration of 3rd-party products and applicationsMicrosoft integrationKerberos integrationCross-domain setupActive Directory configurationActive Directory configurationThe following contents show the steps required to configure Active Directory to run Back-side Kerberos SSO.Chapter contentSystem user for Kerberos constrained delegationFurther information and linksKB - Verify the domain and forest functional level
The following contents show the steps required to configure Active Directory to run Back-side Kerberos SSO.