Alright, I was doing it wrong. The following procedure is not tacitly in the BOL doc that I could find, and although the pieces are there, it is not intuitively obvious (to me, anyway) that this is what you need to do. I do not know if this is the only way to do it, but it worked for me. If there is an easier way, I would like to know it. I realize that this does not cover all the options, but it will create a <domain>.<username>. There are a few minor steps I did not include which I am assuming that if you are computer-savvy enough to be using enterprise-class software that you don't need to be told what to do to move forward:
* you have admin priveleges in the commserve console
* JRE 1.6.x or better is installed on the user's compueter
* A Nameserver has been properly configured in the CommServe console
1) Add non-AD username to CommCell Users. This username should be the exact same username which the user uses when logging onto their computer. Supply any ol' password.
2) On a computer which the user is logged onto using AD credentials, using the username from step 1, go to the following URL in a web browser:
3) After the software downloads, a console login screen will appear => when this happens, press the ESC key. Remove the default username and supply a username and password with admin priveleges in the CommServer console => this should be a domain un/pw.
4) Once in the console, go to Security -> CommCell Users and verify that the user is now <domain>.<username>. Delete the non-AD user.
5) Go to Security -> CommCell User Groups. For each group to which you want this user to belong, right click and go to Properties and select the Users tab, then add the user to the Member Users.
6) Exit the console.
7) Go the web browser and refresh the page with http://[CommServe Hostname]:81/console in the address bar. The user should now be able to SSO.
All your base are belong to us....