We're running CA Access Gateway (SPS), you'd like to know if users can have WindowsAuthentication on a Windows Domain different of the one on which theCA Access Gateway (SPS) machine is trusted ?
At first glance, this is a Microsoft issue, and as such it might bepossible to do that by making the Windows Domain as Trusted forDelegation.
A sample of this is explained here :
Setting up delegation between servers for Windows authenticated siteshttps://pathowe.co.uk/delegation-between-servers-windows-authenticated-sites/
KB : KB000096755