This setting indicates that the connection to the server will be made using Windows Credentials (Kerberos / Single Signon / SSO). This means that the user's Windows profile and password is used to sign on to the server. The server must have been configured for Single Sign On, and the user enrolled, before this can be done.
See the documentation for the CONNECT_SERVER built-in function for more details.
If Windows credentials are used, and Framework authority is in use, (See Framework properties --> User Adminstration Settings --> Use Framework users and authority), the Framework will evaluate security to Framework objects based on the IBM i user profile that the user connects as, not the user's Windows profile.
This behaviour can be changed by making your own version of the IIP called Server IIP function to validate sign on. See the source for function UF_SYSBR/UFU0005 for more details
Neither aXes nor newlook currently support Windows Credentials / Kerberos connection - so it is not possible to use Kerberos to establish RAMP 5250 sessions. You may be able to work around this by using the Server IIP function to supply an ordinary profile and password (fields #CHK_NLUSR #CHK_NLPSW) for RAMP 5250 connections, when Kerberos has been used for the initial connection. See the source for function UF_SYSBR/UFU0005 for more details.
This property is in the Server Details tab and the Web/RAMP Details tab.