ISA Server provides single sign-on functionality that allows users to move safely from one application to another without having to reauthenticate. For example, an authenticated user can move securely and seamlessly from Outlook Web Access to a SharePoint site by clicking a link in an e-mail message, without reauthenticating.
Single sign-on is available for rules that share a Web listener. For example, if you want single sign-on to be available between a SharePoint site and Outlook Web Access, the two rules that publish the SharePoint site and Outlook Web Access must use the same listener. The listener must be configured to use HTML form authentication, and single sign-on must be enabled on the listener.
When you enable single sign-on, you provide a domain across which single sign-on will apply. For example, you can provide the domain fabrikam.com, and then configure single sign-on for mail.fabrikam.com and team.fabrikam.com. You cannot configure single sign-on between two sites with different DNS suffixes, such as mail.fabrikam.com and mail.contoso.com.
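The listener and domain conditions described above can be checked together before publishing. The following is an added example, not ISA Server code: the `Listener` and `Rule` classes, the `"html-form"` label, and the sample configuration are hypothetical models built from the host names in the text.

```python
# Added example: Listener and Rule are hypothetical models, not ISA Server objects.
from dataclasses import dataclass

@dataclass(frozen=True)
class Listener:
    name: str
    auth: str          # constructed label; "html-form" = HTML form authentication
    sso_enabled: bool
    sso_domain: str    # e.g. "fabrikam.com"

@dataclass(frozen=True)
class Rule:
    name: str
    public_name: str   # host name the rule publishes
    listener: Listener

def _labels(host):
    # Lower-case, drop surrounding dots, split into DNS labels.
    return host.strip().lower().strip(".").split(".")

def in_sso_domain(host, sso_domain):
    # Compare whole labels so notfabrikam.com does not match fabrikam.com.
    h, d = _labels(host), _labels(sso_domain)
    return d != [""] and len(h) >= len(d) and h[-len(d):] == d

def sso_problems(a, b):
    """Return reasons SSO would not apply between two rules (empty list = OK)."""
    if a.listener != b.listener:
        return ["rules use different Web listeners"]
    lst, problems = a.listener, []
    if lst.auth != "html-form":
        problems.append("listener does not use HTML form authentication")
    if not lst.sso_enabled:
        problems.append("single sign-on is not enabled on the listener")
    for rule in (a, b):
        if not in_sso_domain(rule.public_name, lst.sso_domain):
            problems.append(f"{rule.public_name} is outside SSO domain {lst.sso_domain}")
    return problems

# Constructed sample configuration using the host names from the text.
shared = Listener("Shared", "html-form", True, "fabrikam.com")
other = Listener("Other", "html-form", True, "contoso.com")
owa = Rule("OWA", "mail.fabrikam.com", shared)
sharepoint = Rule("SharePoint", "team.fabrikam.com", shared)
contoso = Rule("Contoso mail", "mail.contoso.com", other)

if __name__ == "__main__":
    print(sso_problems(owa, sharepoint))
    print(sso_problems(owa, contoso))
```
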
For more information about authentication in ISA Server, see Authentication Concepts in ISA Server 2006 at the Microsoft ISA Server TechCenter Web site (http://www.microsoft.com).