A client of mine has a number of windows machines, and a well-organized Active Directory setup. The small group of users who need to be able to create deployment tokens are all in an AD group, and it was pretty straightforward to use the LDAP auth backend with vault to allow them to create those one-time use tokens using their normal network logins. Everyone's super impressed so far.