Hi David,
Regarding your question about support for Enterprise Logins (i.e. enterprise identity stores served through LDAP providers like AD or SAML providers like ADFS), I think when those are used, token authentication does not happen between the client application and the Portal but between the proxy and the Portal.
Don’t get me wrong, the Portal only understands ‘tokeneze’ language when authenticating requests to secure items, however in the configuration above (just like when you use a web adaptor and IWA with ArcGIS Server), the proxy in front of your app (i.e. Web Adaptor) establishes the connection with the Portal using tokens while your user is authenticated at the proxy level say using IWA (this is also known as web tier authentication). So client app requests secure Portal content using the Web Adaptor URL, passing the user principal from AD. The WA authenticates with AD, then proxies the request to the Portal URL (switching port to 7443 and appending the admin token). No token is issued to your client.
Long story short, for Enterprise Logins your python app does not need to pass a token or a user + pass. If things are configured correctly (i.e. Single Sign On works), the only thing needed is the URL parameter like this:
myGIS = GIS(url=‘myPortal.com/home’)
Hope that made sense.
In any case, with these things verify first, trust later.
...yes Esri listened this once. Also, they are soon going to allow creating admin connections from Pro to AGS which is not currently possible and is a slap in the face for all customers that bought core-based AGS licenses. Progress of a kind.