Replying to myself in case anyone stumbles across this issue in future (or if Totara want to do a bit of work on identifying why it happened):
Our single sign on solution has two mechanisms to enter credentials:
Using the Windows OS to enter it directly
Simulating the keyboard typing the credentials in
The new Totara login screen broke the first method so they switched to the second, and that seems to have resolved it. You now see the username and password being "typed" in (with the password still safely obfuscated) and it then submits the form and logs in, so it looks a bit retro but seems to work well enough.