Two types of SSO domains can be created – Client Side and Server Side. Client Side Single Sign On domains enable the configuration of how the LoadMaster will authenticate clients including protocols used and authentication endpoints. A Server Side domain is required if utilising Kerberos Constrained Delegation for the authentication of connections from the LoadMaster to the servers.

Client Side configurations allow you to set the Authentication Protocol to LDAP, RADIUS, RSA-SecurID, Certificates, RADIUS and LDAP or RSA-SecurID and LDAP.

Server Side configurations allow you to set the Authentication Protocol exclusively to Kerberos Constrained Delegation (KCD).

To add a new SSO Domain enter the name of the domain in the Name field and click the Add button. The name entered here does not need to relate to the allowed hosts within the Single Sign On Domain.

Note: If the Domain/Realm field is not set, the domain Name set when initially adding an SSO domain is used as the Domain/Realm name.