You could go with Google Sign-In for your user management (at least the login portion of it). However, Google Sign-In doesn't provide a way of managing roles and groups. You'll have to write that yourself.
I built a solution that you could try. It's free for developers and production uses for up to 50 users. It's called Passport (I know it has the same name as the Node library) and the website for it is https://www.inversoft.com/products/user-management-sso. It provides most of the user management features you need like:
- Role based permissions
- Login
- Registration
Right now it doesn't support groups, but I could probably add that for you if you need it. It also provides features you probably need, but don't have the time to write. These usually include:
- Login tracking
- Reporting (active users, registration and login reports)
- Emailing users (using FreeMarker templates)
- Localization
- Single sign-on via OAuth
- And a bunch more
Passport is pretty simple to install and get working. It uses a RESTful JSON API and you can install virtually anywhere using RPMs, DEBs, AMIs (for Amazon), ZIPs or Docker images.
On the flip-side, if you need an open source solution, I would suggest you check out CAS. CAS requires a bit more work to install and integrate with. You'll have to code a lot more by hand, but it is a good open source solution.
