Forum Discussion
Stanislas_Piro2
Nov 14, 2017Cumulonimbus
"To use client NTLM authentication, you must correctly configure Kerberos delegation in the Active Directory domain where Remote Desktop users will be authenticated"
this means that if you configure NTLM authentication on client side, APM can't know the user password. So if you want SSO to the backend server, the only available SSO is Kerberos SSO using Kerberos delegation feature.
this is the same requirement every time client side authentication don't provide user password.
I'm not sure kerberos SSO is available in version 13 and earlier for RDP.