Not just the first login, but every subsequent login as well. Currently the behavior for PBA is to default to local machine login, and if you are a member of a domain then you have to use the drop-down to select your domain each time you log in to PBA. We get around this for now by building a bogus domain ID that starts with a number into the encryption policy - such that the ID would be at the top of any sorted list of usernames cached into the PBA. Our domain name then shows up by default. Would be nice to be able to set a default domain value within the PBA section of the encryption policy itself.