By default, only you can access your apps, protected by "Single Sign-On" (SSO), provided by Auth0. It's so transparent that you'll hardly notice it, but try opening the app in a private browser window and see what happens!
The only exceptions to this default are the media streaming apps (Jellyfin, Plex and Emby), which a basically non-functional with SSO (since you need to access them from media players!)
There are cases where SSO will prevent you using your apps as you desire, for example the mobile clients for NZBGet, Ombi, etc expect to log into the service directly, and will not work with SSO.
We provide the ability for users to opt-out of SSO at their own risk (after having configured their apps for appropriate auth) but there are some things you should know first...
You are exposing your services and config to the internet, unprotected
Wherever possible, our apps default to no auth (since we have SSO). You'll need to manually change this when you disable SSO for an app, else you'll expose the app to the internet with no authentication. It's entirely possible that due to a bug in the app / container, there may be a way for authentication to be bypassed and your private data to be exposed.
Regenerate your API keys
Some apps can be accessed by API as well as by username/password (Radarr, Sonarr, etc). Within our environment, we pre-provision all of these apps with the same API key, so that we can pre-setup Interconnecting-Apps as much as possible. Even if you enable user authentication for these apps, they will still be accessible via their APIs with the generic API key used for every other user, and so your service will be left open to abuse. You must manually regenerate the API keys used for each app if you disable SSO, and manually update all the interconnected apps (Ombi, Prowlarr, etc)
Currently, regenerating your API keys will also prevent the badges on your dashboard from updating (we're working on a way to support per-user API keys via your account page)
Always test after making changes
After making any SSO changes, always test the results in a private browser tab to confirm that authentication is working the way you'd expect.