Toggle navigationAirlock Secure Access HubAbout this documentAbout Airlock Gateway Release notesGetting startedGeneral warnings and recommendationsBasic conceptsREST API based configuration and administrationConfiguration Center (GUI)Configuration examples and guidesIntegration of 3rd-party products and applicationsControl APIUsing header tokens for session trackingCSRF protection for SPAsICAP configurationConfiguring JWKS providersGraphQL integrationLet’s Encrypt as certificate providerThreat IntelligenceMicrosoft integrationIntegration of Microsoft Exchange 2016 / 2019Publishing Microsoft SharePoint 2016Publishing Microsoft SharePoint 2019Publishing Microsoft WebDAVKerberos integrationRequirementsAbout Back-side Kerberos SSOSingle domain setupCross-domain setupLimitationsPrepare Kerberos for Airlock Gateway integrationActive Directory configurationSystem user for Kerberos constrained delegationCreate a system userEnable Kerberos constrained delegation for the system userAllow Kerberos constrained delegation in a cross-domain setupAirlock Gateway configurationAirlock IAM configurationAdvanced SetupTips for troubleshootingOperational tasksReference documentationExpert settings collectionTroubleshooting and supportIntegration of 3rd-party products and applicationsMicrosoft integrationKerberos integrationCross-domain setupActive Directory configurationActive Directory configurationThe following contents show the steps required to configure Active Directory to run Back-side Kerberos SSO.Chapter contentSystem user for Kerberos constrained delegationFurther information and linksKB - Verify the domain and forest functional level
The following contents show the steps required to configure Active Directory to run Back-side Kerberos SSO.