We have written our own credential provider and installed it on a Win12r2 server.
Our CP performs an adaptive multi-factor authentication and logs the user in once the multi-factor authentication has been passed. If needed, the user is sent a one-time passcode that they must enter to complete the login. If the multi-factor is passed, there is no need for any additional passcode and the user is automatically logged in with just their ID and Password.
However, when accessing the server via terminal services (MSTSC), even when there is no need for a one-time passcode, the user is forced to log in a second time, when they have already logged in correctly via the terminal (MSTSC).
I have tried to set up all the "Allow" options for credential delegation using [TERMSRV/* & TERMSRV/*.ourdomain.com] via the Local GPE and also the Win12r2 Domain Controller Default GPO (Local Computer Policy-Computer Configuration-Administrative Templates-System-Credentials Delegation), but this did not allow the caching of the user's credentials.
What is the right way to remove the dual login with a Custom Credential Provider?