Currently, there is no built in functionality to track who uses the MSCA. Would suggest submitting it an enhancement .
Most sites log have a system where they check out the MSCA when they want to use it and check it in when they are done. Some have a manual process and some have an automated process.
A user written program could be written to force the user to signon, log the activity to some kind of dataset or log file, then generate a new MSCA password and give it to the user. When the user is done, another program could be created to reset the password to something else so it can no longer be used and log to a file or dataset that the MSCA was checked back in.