Prompt for OTP not working with host entry using template for session.
I use direct RDP or SSH sessions or BeyondTrust PAM as a proxy at work, which means I have a huge number of entries, and everything is duplicated for when PAM breaks.
The way I have it working is via the BeyondTrust PAM Direct Connect gateway method using the guide https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/cloud/admin/ssh-rdp-connections.htm
.\Sessions
Entry type - RDP Session
Name - hostname
Port - 4489
Host - _Gateway\PAM\BT PAM Gateway
Credentials - _Credentials\PAM\BT PAM domain\user_admin
One-time Password - Prompt & Append to the password
.\_Gateway\PAM\
Entry type - Host
Name - BT PAM Gateway
Host - pamserver.fqdn
.\_Credentials\PAM\
Entry type - Username &Password credential
Username - domain\user+domain\user_admin+$LINKED_OWNER_NAME$
Password - <ADpassword>,<PIN>
This takes the name of the session entry and adds it into the end of the username in the credential entry.
It prompts me for the OTP tokencode and appends it to the password.
It then connects via the PAM gateway entry using those credentials.
This makes each entry complicated, and when it breaks you can easily get into a confusing mess. Instead I am trying to use templates to select the connection method (direct or PAM). One host entry per server would then be needed, and the complicated config is in shared entries.
.\Session
Entry type - Host
Name - hostname
.\_templates
RDP AD Direct - (a normal 3389 rdp session using a linked credential)
RDP Other Direct - (a normal 3389 rdp session to a non ad server)
RDP AD BT PAM - (a PAM 4489 rdp session using a linked AD credential and the above rules)
RDP DMZ BT PAM - (a PAM 4489 rdp session using other credentials and the above rules)
Open the session, select the template, then it should work the same as the individual ones I have set up now, but it doesn't work. This is probably due to the OTP not being appended to the password. The MFA is a Gemalto physical token or Mobilepass application on my phone. It is not accessible through an API or any method on the laptop and must be appended to the password for RDP sessions. Therefore OTP with prompt is the only method I can use.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTP can go on the host, template or folder but doesn't seem to work on any of them now that I am using templates. Which is the correct way to do this?
Why can you not add the OTP prompt to a username&password or OTP credential entry?
I can see here that it is not implemented everywhere, so perhaps this can be changed https://forum.devolutions.net/topics/38254/sftp-with-otp
An extra field has appeared on the host/session One-time Password called combination string. Is there any documentation or examples for this?
The $LINKED_OWNER_NAME$ variable might be being lost now as well. Is linked owner the correct variable to pass information from the entry selected to the credential?
I'm not sure that is the best one to use anyway, and it means the name has to be exactly the hostname. I cannot use $LINKED_OWNER_HOST$ and there are few others.
Is there any kind of debug console to watch what is happening so I can figure this out myself?
I am aware of the RDM / BT PAM integration but an MSP owns the system which prevents us using it at the moment. It may not solve the issues we have with what they have set up anyway.
Hello mrlm,
Thank you for contacting the Devolutions support team.
After conducting some tests and investigations, we found that this feature is not currently supported in RDM.
We understand your concerns and agree that supporting OTP on templates through a host entry could be beneficial.
Therefore, I will move this discussion to the feature request section for further consideration.
Best regards,
Patrick Ouimet
Thanks, it seemed such an obvious omission.
Did you manage to reproduce the other issue of the existing OTP prompt method not working with templates?
I now believe the MSP has broken the feature I am using completely so I will just have to wait before trying again.
-------------------------------------- Update --------------------------------------
The DirectConnect feature they broke, which needs the OTP, is now fixed outside of RDM, so the only other change was upgrading to 2025.1.29.0 64-bit.
This is when I noticed the Combination String field.
Host entry
One-Time Password
Source - Prompt
Usage - Append to the Password
I cannot find any information about what should go in combination string.
Hello,
"Host" entries will have a new setting to use the template's OTP configuration, starting with our 2025.3 major release later this fall. I hope this helps your scenario work. If you encounter any additional issues, please let us know.
Regards,
Hubert Mireault