Loginhooks are commonly used in OSX and the instructions on how to do this is available at http://support.apple.com/kb/HT2420
I used the command
sudo defaults write com.apple.loginwindow LoginHook /usr/local/bin/loginhook
The less used option would be a logout hook.
This would allow cleanup actions upon logout
I used the command
sudo defaults write com.apple.loginwindow LogoutHook /usr/local/bin/logouthook
Its obvious that the parts in RED are the paths to the scripts and made executable.
I used the above to map mount points in SMB shares in AD binded domains and to unmount them after. Small caveat that loginhooks runs as root and at point of execution, doesn’t have the SSO credentials of the user. I introduced a send to background and sleep of 60 seconds to allow the user time to login successfully and therefore the mount command would make use of SSO. This introduces a lag in mounting, but simplifies the script.