Unified Access Gateway is configured with SAML or certificate-based identity bridging, but nothing is configured on the backend server to receive any specific data from the SAML or certificate authentication. Instead, the backend server might be configured with a different, second layer of authentication that is independent of the identity bridging on Unified Access Gateway. For example, the backend server might be configured with non-Kerberos Windows authentication (such as NTLM, Basic, and so on).

The end user is prompted by Unified Access Gateway for the first layer of authentication (SAML or certificate), and the subsequent authentication prompt is based on the backend server configuration.