I have several custom internal browser based application being used by several thousand users from an Andoid based device. Android can not pass credentials unless the you put the app in application wrapper. This was rejected by the company. User agent exceptions will not work because these are company owned device and they don't want unauthorized traffic in the device. The applications are distributed in both the Google and Amazon clouds so there are too many IP addresses to whitelist, and the code does not point to an FQDN to whitelist.
I was thinking of having dev put a custom XML element in the topitems section.
So the topitems currently look like this in the MWG: