Hi John,
Mendix provides enterprise grade security and authentication. It is in use for quite a few public apps.
The demo-users you are referring to are only created when you testrun your app on your local machine. In the cloud that will not happen.
Access can be granted to users using roles, which you can use to make sure no one sees any data that he/she is not supposed to. See https://www.mendix.com/evaluation-guide/enterprise-capabilities/security-model/ or https://docs.mendix.com/refguide/project-security/
Here is some info on integration with third party authentication/authorisation solutions: https://www.mendix.com/evaluation-guide/enterprise-capabilities/identity-and-access-management-iam/ These integrations can be tricky as it depends on many specific factors in the enterprise environment. A learning path exists on this topic: https://academy.mendix.com/link/paths/37/Configure-Security-and-Access-Management but because that requires quite some experience i believe it is anly available to Mendix Expert certified professionals.
I hope this helps.