Issue:
We're running CA Access Gateway (SPS), you'd like to know if users can have Windows
Authentication on a Windows Domain different of the one on which the
CA Access Gateway (SPS) machine is trusted ?
Resolution:
At first glance, this is a Microsoft issue, and as such it might be
possible to do that by making the Windows Domain as Trusted for
Delegation.
A sample of this is explained here :
Setting up delegation between servers for Windows authenticated sites
https://pathowe.co.uk/delegation-between-servers-windows-authenticated-sites/
KB : KB000096755