You must enable delegation for all user accounts with service principals used in the Informatica domain. In the Microsoft Active Directory Service, set the
Trust this user for delegation to any service (Kerberos only)
option for each user account that you set an SPN.
Delegated authentication happens when a user is authenticated with one service and that service uses the credentials of the authenticated user to connect to another service. Because services in the Informatica domain need to connect to other services to complete an operation, the Informatica domain requires the delegation option to be enabled in Microsoft Active Directory.
For example, when a PowerCenter client connects to the PowerCenter Repository Service, the client user account is authenticated with the PowerCenter Repository Service principal. When the PowerCenter Repository Service connects to the PowerCenter Integration Service, the PowerCenter Repository Service principal can use the client user credential to authenticate with the PowerCenter Integration Service. There is no need for the client user account to also authenticate with the PowerCenter Integration Service.