Hi @arozar,
Authentication and authorization in MAAS are handled through a combination of RBAC, Candid, and an identity provider (e.g., SSO) (link).
The post below can help visualizing how the “MAAS/RBAC security architecture” elements interact between them:
https://discourse.maas.io/t/rbac-and-candid/6724/2#heading--the-rbac-maas-security-architecture