To enable SingleSignOn you have to grant the right "LOGON WITH NULL PASSWORD" to each and every user on your system.
How can I find out whether a given user has this right or not?
PS: Maybe in the dbc.allrights and dbc.allrolerights tables? There you have stored which right a user have; but I couldn't find the right value in the attribute accessright ...
Use DBC.LogonRulesV to see this information.
Note that you can also GRANT LOGON "AS DEFAULT", which will apply to any user for which there is no user-specific rule, rather than having to do individual GRANT LOGON every time you create a new user.