Users unable to logon when Kerberos constrained delegation configured
When users attempt to log on to Squared Up they receive a browser-based login prompt.
The following error is logged in the Squared Up log file
Squared Up accesses SCOM using the end user’s credentials. When Windows authentication is being used and Squared Up is deployed on a dedicated server (not a SCOM server), the end user first authenticates with the Squared Up web server, and then the Squared Up web server impersonates the end user and authenticates with the SCOM Management Server. This requirement to authenticate a second time is known as a ‘double-hop’ and requires Kerberos delegation to be configured correctly.
Kerberos delegation involves complex configuration. It requires Kerberos authentication to be correctly functioning between client, web server and management server, and for configuration such as Service Principal Names (SPNs) to be configured correctly.
Please follow the guide here How to configure Windows authentication.
And run through the Troubleshooting Kerberos article.