with the caveat that external-facing or regulated data systems should use a full-featured identity provider.