Applcation level authentication, or Single Sign On, can also be referred to as backend authentication, which refers to the authentication that UAG performs, on behalf of the user, against the backend application that the user is attempting to access through UAG. These settings are located on each application's properties window, on the Authentication tab.
The first setting here is whether you want to enable UAG's single sign-on feature. We're assuming that you do, since you want to make your end-users' lives a bit easier by not requiring them to provide the same credentials again and again, when accessing various applications. Then you need to inform UAG whether the backend application, to which SSO will be performed, expects UAG to provide the actual credentials or whether the backend application can consume Kerberos tickets—Use Kerberos constrained delegation for single sign-on— which we will discuss later in this chapter. If you chose Use credentials...