Same answer....really. You can do this yourself. Once you login to the OS, and you launch the application, you can use the currently logged in user to log into your application. You would just pull the user and then line it up within your application. you can use AD logins, but you are still required to have an SF user to which permissions can be assigned.In our medical application we will have a feature that uses biometric logins that both logs in the OS as well as the application...so this way they do not have to log in twice. You can handle OS system login events to trigger when the user changes if your application is running or if you have a service running...there are a lot of ways to go about this. In our case, if the user changes we re-login the user with the new permissions and credentials...just like a lock session but automated. So there are a lot of ways to go about this but is not something that we will ever try to "automate" on the framework side as there are just too many different ways to approach this...that is why we expose all of the authentication methods through shared classes and created event hooks, etc.