You could tackle this by using a Reverse Proxy (Such as IIS or Apache) which has a customized logon page. That logon page would then Single Sign-in (SSO) you into Splunk, so you dont have to type a username in twice:
Details on how to configure this are here http://docs.splunk.com/Documentation/Splunk/6.3.1511/Security/HowSplunkSSOworks
Then when the user logs in, you could make it so they only get access to your specific App, or at least make it the default app depending on your use case and whether they would need to see other Apps or only this specific one.
To display the currently logged in user try using the rest API, something like this.
| rest /services/authentication/current-context | table username