Just bumped into this post. I will face the exact same challenge in a couple of months. Have you got around this somehow?
We have not gotten around this. We still require our internal users to login instead of being automatically logged in via AD. There's a desire to keep our external users out of AD, so everyone is forced to login now in order to allow external access.
Thanks for the prompt feedback.