This is not really a technical question but more of a compliance / SOX (Sarbanes–Oxley Act) / security matters at enterprise. Some of the financial services customers in Japan have strict rule about who conducted the operation in applications for auditing. For example, customer has many legacy applications which requires authentication. RPA can log in to these legacy applications to do his work as long as he has credentials, but if Robot uses shared user ID, or dedicated Robot ID, it may become an issue as it can't be tracked later who actually did it. Is there any standard practice in this credential usage in RPA environment?
In your case I would recommend using the following approach:
Make sure (or assign if not yet) each robot instance uses unique Windows login to log on to the runtime machine (whether it is VM or physical desktop). This will guarantee that all SSO applications are accessed with unique accounts by each robot instance, so you will be able to audit what was done by each robot instance.
Assign each robot instance unique credentials for all non-SSO applications (legacy applications) to be able to audit actions performed in these apps as well.
Please make sure that all desktops/VMs with runtime have unique names (by default robots register in Robot Manger under Machine Name) - this will allow you to see in Robot Manager which case was processed by which instance of Robot.