Forum Discussion
Kevin_Stewart
Feb 15, 2016Employee
First let's establish that if the client isn't domain-joined, no form of client side Kerberos can be used. You can, however, achieve Kerberos SSO (server side authentication) for those users. The bigger issue might be one of routing though. Do these non-domain-joined clients come from a different subnet? With different IPs? If these users are still internal, how would you direct just these users through APM, and not the domain-joined users?