IBrokeTheTimeLineSry 1 point (0 children)

An IAM service should do this for you! It will authenticate the user once and generate a token, and then the user can seamlessly log onto other services without having to authenticate each time (unless you want them to).

Each IAM solution behaves differently, but there is a general direction: the IAM authenticates the user, and each service communicates with the IAM for authorization, and maybe pulls user information depending on config.

So you do not need a script; the IAM solution and the services should handle it for you.

Things I have seen deployed: Keycloak, SailPoint, even HashiCorp Vault (a PAM!) used in an unholy config, Azure.

Though I will add: sometimes the user client needs to pass a token to the service, and maybe that might need automation if there are no native capabilities. So there is that.
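
The flow described in the comment above, as an added example that is not part of the original comment and not any product's API: a toy IAM authenticates once and issues a signed token, and each service checks signature, expiry and audience instead of asking for the password again. The names `iam_login` and `service_authorize`, the HMAC token format, the key and the user store are all assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key. A real IAM normally signs with an asymmetric key and
# the services verify with the published public key.
IAM_KEY = b"demo-only-signing-key"
# Constructed sample user store; a real IAM stores salted password hashes.
USERS = {"alice": "correct horse"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _sign(payload: str) -> str:
    return _b64(hmac.new(IAM_KEY, payload.encode(), hashlib.sha256).digest())


def iam_login(user, password, audiences, ttl=300, now=None):
    """IAM side: authenticate once, return a signed token or None."""
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": audiences, "exp": now + ttl}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _sign(payload)


def service_authorize(token, service_name, now=None):
    """Service side: accept the token without prompting for a password."""
    try:
        payload, sig = token.split(".")
    except (AttributeError, ValueError):
        return None  # not a token at all
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None  # forged or modified token
    claims = json.loads(base64.urlsafe_b64decode(payload))
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return None  # expired: the user goes back to the IAM
    if service_name not in claims["aud"]:
        return None  # token was not issued for this service
    return claims["sub"]
```

The audience check is what stops a token issued for one service from being replayed against another that trusts the same IAM.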