Hi Sergio,
One of responsibilities of the architect is to gather all business requirements and translate them to the architecture.
The architecture created will then be given to development teams to implement.
I guess my question is: do you business requirements contain the information about external authentication mechanism that
you should use ?
If the answer is yes, then yes, you are done.
But if the answer is no, how can you assume that the system is there when, in fact, it is not there ? Where those who will have to implement your solution will take the authentication system that does not exist ?