Either is a possibility, that's really up to you. But generally speaking, CA does not recommend using the built-in authentication mechanism, and most people use some other authentication, such as LDAP or an internal system. But perhaps you're OK in your case, if you don't expect to have a large number of users.
If you decide to just use the built-in authentication provider, you will have to manually create and manage users, obviously, unless you create an app to do that.
The biggest question here is: how many users do you expect to have? If it's a dozen, perhaps the built-in authentication provider is OK, If it's many thousands or more, you'll almost certainly want to use something else.