I've just inspected the [NTLMAuthenticationFeature][1] of our REST clients. It looks like currently we explicitly block the re-usage of the user/password which are known by to the JVM. We enforce the usage of the username+password defined in our own webservice client configuration. So no, **no, today SSO will not work.work** with REST client calls. For a future improval. What would you expect from an NTLM/SSO feature? Should it re-use the credentials from the current user that works with ivy or should it be the account that runs the JVM (axonIvyEngine)? [1]: https://developer.axonivy.com/doc/latest/PublicAPI/ch/ivyteam/ivy/rest/client/authentication/NtlmAuthenticationFeature.html

I've just inspected the [NTLMAuthenticationFeature][1] of our REST clients. It looks like currently we explicitly block the re-usage of the user/password which are known by to the JVM. We enforce the usage of the username+password defined in our own webservice client configuration. So no, today SSO will not work. For a future improval. What would you expect from an NTLM/SSO feature? Should it re-use the credentials from the current user that works with ivy or should it be the account that runs the JVM (axonIvyEngine)? [1]: https://developer.axonivy.com/doc/latest/PublicAPI/ch/ivyteam/ivy/rest/client/authentication/NtlmAuthenticationFeature.html