Many administrators would utilize Serena Single Sign-On with all of its security features if it would log their users on to SBM using the Windows Credentials of the user logged on to the workstation. As of SBM 10.1.2.x, Serena SSO now does "Windows Single Sign-On".
To setup Single Sign-On and Windows Authentication, setup the authentication tab of the SBM Configurator as follows. Validate user credentials against Windows domain, and user sessions are managed by Windows Authentication (SSO). SBM uses both NTLM and Negotiate.
After applying Configurator, your IIS Settings on the WorkCenter and TMTrack virtual directory/applications will be updated to use Anonymous. Under the authentication icon, Anonymous will be selected and Windows Authentication will no longer be selected. Users will now access the IIS server under the Anonymous user account and/or the application pool identity.
SBM SSO will take the user credentials from the browser request and authenticate the user with the Windows server / domain. The user, of course, must exist in SBM where the loginId in SBM matches the Windows SAM account name.
SBM C API programs, however, will not authenticate with Windows password. Instead, the C API uses the internal SBM password. The SBM Webservice API does use the Windows password.
Full setup details are located in the SBM Installation Guide.