Kerberos SSO Limit to IP Range
About half of our workforce is off-site, many of them on Chromebooks where there is no Kerberos authentication. Please add a feature where Kerberos SSO can be enabled on a per-IP range basis so that we can enable SSO for on-prem users only. If Kerberos is enabled for computers that aren't using Kerberos, they see two login prompts and have to login twice.
Enable Kerberos: Yes
Limit Kerberos to IP Range(s): 10.10.5.0/22
This would allow us to use Kerberos for on-prem end-users but prevent the double login prompt for appearing for off-site VPN users (about half of our workforce).