In regard to authentication and permissions, there are two approaches.
Classic Authentication Strategy (Designer and Vision Only)
Classic Authentication Strategy involves a concept known as a User Source, which is a configuration that contains multiple roles and users. Users are assigned roles, and security restrictions within a project can be used to check if a user has one or more roles. User Sources can be "internal", meaning all users and roles are contained within an Ignition Gateway, or externally stored in an SQL database. Furthermore, User Sources offer integration with Active Directory.
Identity Provider Authentication Strategy
Ignition can also integrate with Federated Identity Providers (IdP), allowing users to authenticate against a trusted third party. The Identity Provider Authentication Strategy works by assigning Security Level restrictions to various features within Ignition, and utilizing User Attribute Mapping and Security Level Rules to assign Security Levels to users.
Ignition can integrate with both OpenID Connect and Security Assertion Markup Language (SAML) providers. In addition, Ignition can act as an Identity Provider for isolated systems.