This design is required when you have chosen not to use the Secure Store service and some Presto Servers reside in different domains than your SharePoint servers.

Because user credentials are not stored in the Secure Store repository, Presto Servers cannot retrieve these credentials via the Token Service. Because the SharePoint and Presto Servers are in different domains, cookie forwarding cannot bridge this gap.

This results in manual authentication, requiring users to login to each Presto Server as they access mashups or apps hosted by that Presto Server to create a session or when an existing session with a Presto Server expires.