Password Managent for RDP sessions using SSO

Hi,

We have applications within our system which have recently been enabled with Single Sign On.
Since we are using RDP sessions to run our automated processes, this means that now, we do not need any application credential to login to our system. The windows crdentials used to login to virtual machines can now be used for application access with SSO.

Our secuirty team has concerns over this as this allows our developers to have access to production systems which are SOX compliant.

How can we separate out the Virtual machine credentials with application access using UiPath such that the developers can still login manually to VMs (for troubleshooting) and are not able to access the applications directly using SSO.