Not sure if your authentication infrastructure is utilizing http header information for SSO between web sites. If it do, you can utilize http header authentication when accessing Accesspoint. What you need to figure out is the name of the http header holding the authenticated user (or group).

Siteminder for example stores the logged on user in a http header named SM_USER. You can then set this header to be used for authentication when accessing Accesspoint. A very short explanation of the architecture and the steps involved when a user logs on in this case would be:

1. User is trying to access Accesspoint (anonymously)
2. An "agent" or ISAPI-filter is installed on the web server, which will check if the http header is present and if a value is set (which is not the case, as the user is currently not logged on)
3. The "agent" will redirect the user to the SSO authentication server and the user logs on
4. Once logged on, the user will be redirected back to Accesspoint, now with the correct http header info

1. A user already logged on through SSO is trying to access Accesspoint
2. Http header info is present, but the "agent" needs to verify that this header hasn't been tampered with (not very hard to spoof a http header)
3. The "agent" will send some info to the SSO authentication server to verify the header being legit/untampered
4. If OK, the "agent" will allow access to the AccessPoint, which can pick up the http header info

This is a very short explanation on how most SSO solutions work. You could of course also build a solution based on QlikView Server ticketing authentication (guess someone in here can provide an example), if you don't have a SSO solution in place. I will see if I can dig something up for you if no one else got something.

Regards,
Bjorn