Best strategy to use the Ui5 application in cloud platform and odata in R/3 Gateway

Hi experts,

I'm try to explain my doubt.

We have a SCP to deploy an application SAPui5 and this aplication get the data in SAP NW R/3 with Gateway using oDATA by destinations.

What is the best strategy to manage the user login?

With the team we consider a strategy through Cloud Identity Management tenand but we are not sure.