The client side SSO domain can be created by going to Virtual Services > Manage SSO > Add (in the Client Side Single Sign On Configurations section) and filling out the details as needed. The Authentication Protocol must be set to LDAP for NTLM authentication to work. An LDAP endpoint is required if Permitted Groups or Steering Groups are in use.

The User Account Control (UAC) check is not triggered for NTLM authentication when the UAC check interval value is set to 0 minutes and the provided username domain matches the domain name specified in the SSO domain entry. However, if the domains differ (including cases where no domain is set in the SSO configuration), the UAC check is enforced even if the interval value is set to 0 minutes.

For information on configuring an LDAP endpoint, refer to the following knowledge base article: How to Configure an LDAP Endpoint.