BusinessObjects Enterprise Administrator's Guide
Configuring IIS for end-to-end single sign-on
To support Kerberos end-to-end single sign-on, the worker processes of the IIS have to run under a domain account that is trusted for delegation. Refer to either of the following procedures, depending on whether you are using IIS5 or IIS6:
Note: Instead of configuring the IIS worker processes for end-to-end single sign-on you can configure them to use single sign-on to the database only. You may want to do this, for example, if you don't want to run the IIS worker processes under an account that has been trusted for delegation. For more information, see: