Where I work we never need this though, we have a jwt server that can serve a time limited token for work account that various systems can accept.