For APEX apps, you normally use a URL like <hostname>/apex/f?p=xxx after which by default you have to authenticate yourself using username/password credentials. However, most end users of APEX Applications already have authenticated themselves by logging on to the Windows domain, so why authenticate a second time to use the first APEX Application?