We use a SSO solution called Sign&Go to authenticate on our multiple applications. It is installed on all of our computers, except our servers.
When installed, the authentication window of Windows is replaced by the authentication window of Sign&Go. So when we connect to a computer using BeyondTrust, the orange key that allows us to inject passwords stored into the Vault is grey. No problem to connect to servers as the authentication window remains the same.
I add a dll file coming from our SSO solution and who allows it to replace the authentication window of Windows.