Forefront Unified Access Gateway (UAG) can implement single sign-on by using session credentials to authenticate to published backend applications, using the following methods:

• Basic, NTLM, or HTTP forms-based authentication─You can configure any of these methods on the properties of the trunk used to publish the application that require users to authenticate.
  
  
• Kerberos constrained delegation—Forefront UAG supports the use of Kerberos constrained delegation, to authenticate users after Forefront UAG has verified their identity by using a non-Kerberos authentication method. For information about setting up Kerberos, see Configuring single sign-on with Kerberos constrained delegation.
  
  

---

Copyright © 2010 by Microsoft Corporation. All rights reserved.