For a user to be able access data, the user must be authenticated. By default, there are two ways in which to authenticate a user. You can use the local sign-in, which is handled by the portal and uses the email address and password on the contact record, or you can use Azure Active Directory (AD) for internal users.
You can configure additional identity providers such as LinkedIn and Facebook. The benefit of using an external identity provider is that you do not need to manage passwords, thereby reducing the overhead of user management.
The user's password is held as a hashed value in a secured field on their associated contact record. You can change a user's password by clicking on Change Password in the action bar on their contact record. This opens a pane on the right-hand side. Enter a password, click on Next, and then click on Done.
Once a user is authenticated, you can control access for that user to web pages and data.
...