Many of the organizations already have a IdP available. Lago could leverage e.g. OAUTH2 (as it's currently one of the most popular protocols) to give ability to authorize API requests and give ability to login via the frontend which could potentially be beneficial in case of other features like giving access to usage/invoicing data that is currently being developed.

Proposed solution: use one of the sso libraries avialable and give ability to configure required paramters. Give ability to restrict who can use the system based at least on some group or give ability to configure the permission field from the JWT.