Yes they can.  Pentaguard uses a standard OIDC/OAuth service internally to authenticate users but this can be federated to use your own OAuth or LDAP authentication services.