There were two solutions to this problem:

1. For the web browser persistence, after the initlal authentication, JS in the WPF app would find the necessary section on the MS login and click it for the user.

2. For other applications, Imprivata, an app integral to these desktops, would persist the user login and add the credentials for them.