Security based Policy in SSO to hide the last logged in username / user profiles from the login screen is not compatible with AppGate. Other limitations are also listed in the article.
In the security policy of the SSO agent there is a setting that can be enabled that hides the last logged in username on the Client. This applies to windows clients (see http://www.thewindowsclub.com/make-windows-7-8-use-classic-logon-screen for more information on this setting in the security policy). If this policy is enabled, it causes an issue with the AppGate client that stops it from loading up and the user will not be able to login and connect.
For information on the Windows SSO (PLAP) client, please refer to the Admin manual here.
Other Limitations of the SSO (PLAP) Client
Once AppGate SDP SSO client is installed Local users can't use the normal AppGate SDP client.
Onboarding has to be done from the AppGate SDP SSO client for a user on a specific computer. If the user has already on-boarded using the normal AppGate SDP client, then the SSO client will fail.
Two factor authentication onboarding is not supported on AppGate SDP SSO client.
You should not set the Windows security policy to hide the last logged in username / user profiles from the login screen.