4👍
The magic word herefore is kerberos authentication.
Your user does not authenticate against your django application but against your webserver. Your intranet probably has a kerberos service running, that authenticates your user for you and just gives you a user name in REMOTE_USER if he is authenticated.
You can then search your LDAP for specific Access Rights or have an own database with special access rights.
Here is a short article from CentOS. It is very important what your environment looks like, so all I cann do is show you the direction 😉
Source:stackexchange.com