SAML and/or better OAuth or OIDC integration with Line-Up user roles as variables would be good for security and access management. If that is too much for now, authenticator-based MFA would be a good step. Spoofable SMS 2FA is a vulnerability with so much commercial and customer data at stake.