Hi James,
Personally I see no need to not use System.user. If you want to not use the default Mendix user and role structure, you are not using a very powerful way of managing security in your application. You will lose a large part of the speed and security of developing in Mendix.
Mendix can connect to external IdPs using SAML (https://appstore.home.mendix.com/link/app/1174/) and OpenID (https://appstore.home.mendix.com/link/app/111349/), for example. These modules both use System.user.
I am not familiar with “google SSO”, but if one of the appstore components doesn't fit your need, you could use them as an inspiration for setting up your own SSO connector.
James, here’s something especially for you:
Your idea of detaching the account from the process object isn’t a bad idea, but it still needs an account and a reference.
If you do it as follows:
You cannot simply skip using the system's user. Anyone using the app must always authenticate to the Mendix app, using a System.User / Name+PW.
Using the Google SSO doesn’t change that. Only the HANDLING of the System.User is put somewhere else.
Answering your additional questions:
I do suggest you first follow the rapid developer learning path: https://gettingstarted.mendixcloud.com/link/path/38
It explains the security model, after which the answers will make a lot more sense.
Also the learning paths about security will help you:
https://gettingstarted.mendixcloud.com/link/path/9
https://gettingstarted.mendixcloud.com/link/path/37