Using an Active Directory user source we’ve used Enable SSO Login (bottom of picture). Rolls are handled in Active Directory Groups. Rolls that should be allowed to launch the project are put in the Required Client Rolls (Project Properties → General → Required Client Rolls). Our production stations automatically log in because their user is a member of one of these rolls. Desktop users who are authorized are automatically logged in because they are part of a different, but still authorized roll. Everyone else is directed to the login screen where they have the opportunity to supply credentials for an authorized account.
