Hi Kumar,
If your application is depending upon Windows Identity (AD service account) in order to work, then why using CA SSO?
CA SSO as agent, after NTLM authentication, the agent is going to take user account that logged in through SSO, that is how the product is designed to be.
Or maybe there is some kind of sequence of events that need to happen at different stage of application flow.
SSO authentication first then access app, or access app, then go for SSO authentication.
You need to further examine that with your application team.
There is also ACO called EarlyCookieCommit, but is used on case by case basis.
List of Agent Configuration Parameters - CA Single Sign-On - 12.52 SP2 - CA Technologies Documentation
Thank you.
Hongxu