It seems that as a user, I should only see buttons for applications I'm granted access to. Currently I see all of them when I'm logged in. I understand that if I press them, I get an authentication error, but from a user experience point of view is bad. From a security point of view, showing people things they aren't supposed to see as part of their job is also bad.
We’ve implemented this in the new version of the user portal. Users will only see applications they have been granted access to. Thanks again for the feedback!
This question has received the maximum number of answers.