Basically you idea is, if you device is not trusted, auto logout and reauthenticate. But if you trust your device, ie a desktop, you can give a little and let it auto sign in?
Not sure what the plan with apps would be, it's a pain to have to login all the time. Saying that, i only have a few apps that actually require login, or that i've set to require login. Emerge asks for a pin for every access if it's been minimised, and a password for a longer timeout. It's a bit of a pain, but not that bad actually. The only pain is that it's not the same credentials as AD. This was asked about on an Emerge thread, but apparently it's not easy to implement.
I'm involved in several projects right now to look at SaSO vs SSO and the impact it has in different users. For instance, a possibility is that pupils have an extended SSO facility to ge into learning platforms, a reasonable argument, and the data held in here and most (not all) associated pupil used apps contain less confidential info... Compared to staff who access she'd loads of confidential info, perhaps in school and LA systems. Much less SSO and more SaSO for staff due to the nature of the informaion. Talking convenience only (not practicality): going back to the banking idea, would you be happy having SSO into all your online accounts, or rather SaSO (forgetting for the moment you should have different passwords for this really, but we are just looking at convenience!)