It does, there's a whole user management and permission model. Check the screenshots, there isn't much written in the docs: https://nginxproxymanager.com/screenshots/

It doesn't do SSO with SAML, OIDC, etc. like more heavyweight solutions. It's basically just a database of users (not even LDAP, it's all internal) who you grant access to proxied apps. Internally it just uses nginx's forward auth proxy support to do all this, it's not using anything complex or fancy. You'll have to configure proxied apps to read the logged in user from a header that nginx sets on redirect (most apps can do this, but not all).

edit: Spin up a docker container of it to kick the tires, it's very easy to get going and see what it can do: https://nginxproxymanager.com/guide/#quick-setup

Thanks!

I already have it running, I just had no idea it could do that. Guess I know what I'll do on the weekend :)

Yeah I can't find anything on the site about that. Could be a killer app if it also had some Fail2Ban mechanism + auth gateway. Then I could host apps that may have questionably robust auth and feel a bit better about it exposed to the internet.