Yes, for the online systems we always approach the implementation of this requirement as a joint project so that we can take into account the specific security constraints and AD set-up of the individual customer.
For an on-premises system, it requires that the Triaster server be part of the Active Directory domain and a parameter be set to allow pass-through authentication. This is straightforward, however.