Please elaborate on how you manage tenant access and authorization to your solution and do you provide any form of federation framework or Single Sign On (SSO)?

Internally, all access is controlled by Azure AD. External access (like the HR department of Grundfos or our response teams) my sign in with either 1) their own company credentials through Azure AD or own operated STS, or 2) a local Username/Password account (backed by Azure AD B2C).