To set up Kerberos authentication for desktops, you enable Integrated Windows Authentication to allow the Kerberos protocol to secure interactions between users' browsers and the Identity Manager service.
When Kerberos authentication is enabled for desktops, the Identity Manager service validates user desktop credentials using Kerberos tickets distributed by the Key Distribution Center (KDC) implemented as a domain service in Active Directory. You do not need to directly configure Active Directory to make Kerberos function with your deployment.
You must configure the end user Web browsers to send your Kerberos credentials to the service when users sign in. See Configuring your Browser for Kerberos.