In this case Authentication/Authorization is no longer maintained by the Web/Application Server. Instead a central Single Sign On Server (SSO) handles Authentication & Authorization, setting a session token.
The Backend Server is responsible for both the authentication and authorization. It is the Backend Server that informs both the end user and the Frontend Server how the authentication should be accomplished. When the end user initiates the login process, the Backend Server will inform the end user that it should use SSO as the authentication mechanism. The end user will then be redirected to the identity provider. Upon successful login with the identity provider, the Backend will be informed and grant the end user access to the Backend Server resources.
Underlying the Panopticon Server provides access to data and workbooks as directed.