Based on documentation/Prerequistes
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/ca-siteminder-sps-configuration/configure-ca-siteminder-sps-to-support-integrated-windows-authentication#ConfigureCASiteMinder%C2%AESPStoSupportIntegratedWindowsAuthentication-VerifythePrerequisites
Number 2 - Add CA Access Gateway host as a member of domain host for the Windows domain controller.
- Do I have to install 4 CA Access Gateway instances, one for each AD domain? or one single CA Access Gateway can manage the Windows Authentication for alla the AD domains?
Yes based on prerequisites
CA Access Gateway server 1 member of Domain A - Windows Authentication on Domain A + fallback scheme to Form-based
CA Access Gateway server 2 member of Domain B -Windows Authentication on Domain B + fallback scheme to Form-based
CA Access Gateway server 3 member of Domain C - Windows Authentication on Domain C + fallback scheme to Form-based
CA Access Gateway server 4 member of Domain D - Windows Authentication on Domain D + fallback scheme to Form-based