Hi and welcome to ServerFault.
Your question is rather broad and can not possibly be answered in a useful way without further knowledge about your environment, and it's doubtful whether it can be answered in this form.
For us to give you pointers on how to proceed or ask more focused follow-up questions, you would need to give details about
- the application(s) you want to protect,
- how they handle authentication and authorization,
- how they expect users to be provisioned (in their little world),
- whether they are completely under your control,
- if you are able to customize them,
- the target platforms you to support (Windows, Linux, Mobile, Web, whatever),
- whether or not you want single-sign on (SSO),
- where your user accounts live now and how that user account "store" is accessible.
Be aware that even you give details, this question can't have an exact answer, as we know nothing about what budget, what legal requirements, or other non-technical circumstances you might have that you haven't considered yet.