As of November, 2015, Pega does not support SSO (or any token passing) for Connect-CMIS and does not plan to do so. However, the following snippets from that discussion may be helpful.
"The CMIS connector has a user id / password that is supported dynamically setting the userid / password ( using Global Resource Settings ), however not using real SSO where Pega is unaware of the users password."
"Pega does NOT have true SSO for Connect-CMIS - using global resource settings is currently the closest option."
"You can pass any token (SAML, LTPA, Siteminder) as part of a WS-Security policy for SOAP connectors. A custom solution like this would involve importing WSDLs to build Connect-SOAP and importing the needed CMIS schema to support these connectors."