After configuring the Active Directory SSO properly to use Kerberos authentication , why is it still prompting to enter credentials instead of being automatically logged in?

In some scenarios, it may still be prompted for credentials even if the Active Directory SSO was properly configured for Kerberos by following the steps mentioned here: Configuring The Active Directory Integration

In that case, check the Event Viewer System logs in order to see if there are any SPN related errors that show up. Sometimes even if the Orchestrator is a single node, it is required to configure an SPN in order for the SSO to work properly with Kerberos. For that use this command:

• setspn.exe -a HTTP/<hostname> <domain account>, where,
  • HTTP/ - The URL at which your Orchestrator instance can be accessed.
  • <domain account> - The name or domain\name of the custom identity as which the Orchestrator application pool is running.