For user authentication we use Auth0. This service allows us to use our own database with user information (credentials) or use SSO systems such as ADFS, Azure or similar. Furthermore, the system supports 2FA (Two Factor Authentication). Only authenticated users are allowed to fetch and/or modify data. This is governed by our authorization layer in the application. The authorization layer defines which data is available to the authenticated user, and only data that is filtered through the authorization layer is returned to the user. Each user can belong to one role (per account). The role defines the access rights in the system ranging from "Admin" (access to all) to "Reader" (read only access).
