Trusting domains

Approving domains makes it possible to establish a list of “trusted” domains.

In an Active directory forest including sub-domains (for example nestaq.int and its sub-domain lab.nestaq.int), approval relationships allow using logins on a domain to access resources on another domain.

As is the case with multiple directories, one SSO agent needs to be dedicated to each domain (or sub-domain) that is part of the trust relationship.