Users who can authenticate through realms other than their own are called trusted users. Only trusted users can authenticate through a trusted realm, so you must create trusted users in the trusted realm.
You can group trusted users into trusted user groups. Similar to user groups, you can use trusted user groups to provide access to an authentication agent. Only members of a trusted user group can access an agent. Trusted users and trusted user groups can only access authentication agents that have been enabled and configured for trusted realm authentication.