Configure the Microsoft Single Sign-On Service
Applies To: Office SharePoint Server 2007
To use single sign-on, the Microsoft single sign-on (SSO) service must be installed on all Web servers that run the Windows operating system. The SSO service must also be installed on all servers running Excel Services. If the Business Data Catalog search is used, the SSO service must also be installed on the index server.
The SSO service is configured by using the Services console. When configuring the service, a logon account is required. The logon account must be the following:
A domain user account (not a group account).
A SharePoint server farm account.
A member of the local Administrators group on the encryption-key server (the encryption-key server is the first server on which you start the SSO service).
A member of the Security Administrators group and DB creator group on the computer running Microsoft SQL Server.
Either the same as the single sign-on administrator account or a member of the group account that is the single sign-on administrator account.