After doing some extensive research for a client, these are my findings:
One approach is using dash-auth, an official package. You can also go to the flask layer and use dash-flask-login. The main caveat I see with those packages is that they require modifying your app’s code, which gets tricky if you manage multiple Dash apps.
A more robust approach is to separate the authentication layer from your Dash app. Your authentication layer is available to the users, but your app is protected behind the proxy:
This way, you separate the authentication layer and no longer need to modify your Dash app’s code. There are many ways to implement this pattern; for example, you might use docker-compose or AWS ECS and deploy a multi-container app where only the reverse proxy is connected to the network, and your app is only reachable from the proxy. You can use NGINX or similar to implement the authentication layer.
For enterprise deployments, I recommend checking this out; we already did the heavy lifting of implementing a robust authentication layer that I just described.