API Access for SAML-Authenticated Connected Application

API Access for SAML-Authenticated Connected Application

Is there a way to automatically generate an API token for a user when they authenticate against a connected application? It seems like very bad UX to have an extension get installed, the user to authenticate using SAML, then have to go back and create an API token so my app can access their data. My application needs to process data server-side so the API is getting called from the server, not through the client SDK. Is there a better way to approach this?