SAML2 integration path; 2FA and passkeys modules support modern credential policies.
Vaults track passwords and certificates for operational reference—distinct from Source A’s Secrets abstraction but similar operator goal.
Role and permission screens under user menu / admin—enterprise teams can segment access by section.
README SECURITY policy and reverse-proxy header warnings belong in deployment runbooks.