No SSO, Manual Authentication
This design is required when you have chosen not to use the Secure Store service and some MashZone NextGen Servers reside in different domains than your SharePoint servers.
Because user credentials are not stored in the Secure Store repository, MashZone NextGen Servers cannot retrieve these credentials via the Token Service. Because the SharePoint and MashZone NextGen Servers are in different domains, cookie forwarding cannot bridge this gap.
This results in manual authentication, requiring users to login to each MashZone NextGen Server as they access mashups or apps hosted by that MashZone NextGen Server to create a session or when an existing session with a MashZone NextGen Server expires.