Does the Ironport support LDAP authentication with Single Sign-On. Or, is it only supported on NTLM? Can you setup multiple authentication realms to the same AD server, but call different AD groups? What I am trying to accomplish is to have single sign-on working and also have users places in certain access policies according to which AD group they are in. For instance, the marketing group would be placed into on access policy while HR would be place in another.