Enable fallback – The Enable fallback option should be checked only if the Enable Kerberos
Constrained Delegation option is checked.
The Enable fallback option prompts the user to enter their credentials again if KCD has failed for
some reason. If Enable fallback is unchecked and KCD has failed, an error page is displayed.
On Firefox, Enable fallback works only if both Negotiate and NTLM are enabled on
the backend resource, in their respective order. Enable fallback does not work on Safari in
this case. Safari displays a prompt to re-enter credentials, but it keeps failing. Enable
fallback works only when NTLM is the only authentication provider on the backend, which
is not a supported configuration for KCD.