Auth0 does a whole bunch of stuff out of the box which is why we use it in our example. A common use-case is the one you describe: You have an IAM system, but need to do user management for the ledger somewhere (connecting users to parties) and your IAM system can’t issue custom tokens.
If your IAM system covers the user management, like AD does, you can probably get away with an identity and access proxy (IAP) like ORY Oathkeeper, which allows you to transform the tokens on the fly.
If our IAM system doesn’t store meta-information like DAML parties belonging to users, you need some additional infrastructure that stores that information. An easy example would be storing a file next to the Sandbox which contains the mapping from external identity to DAML claim, and a custom Auth service which validates incoming tokens, looks up the claim from the file, and then returns that.
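The token exchange described in the post above, as an added example that is not part of the original post or of any DAML tooling. Assumptions: both tokens are HS256 JWTs signed with constructed shared secrets (a real IAM system would normally sign with an asymmetric key), the mapping file is embedded as a constructed JSON string, and the issued token uses the `https://daml.com/ledger-api` custom-claims layout with a placeholder `ledgerId`.

```python
import base64, hashlib, hmac, json, time

IAM_SECRET = b"constructed-iam-secret"        # assumption: IAM signs with HS256
LEDGER_SECRET = b"constructed-ledger-secret"  # assumption: ledger trusts this key
# Constructed stand-in for the mapping file stored next to the Sandbox.
MAPPING_FILE = json.dumps({"ad|alice": {"actAs": ["Alice"], "readAs": ["Public"]}})

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify(token: str, key: bytes, now: float) -> dict:
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_unb64(head))["alg"]
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        good = hmac.compare_digest(expected, _unb64(sig))
        claims = dict(json.loads(_unb64(body)))
    except (ValueError, TypeError, KeyError) as exc:
        raise PermissionError("malformed token") from exc
    if alg != "HS256" or not good:            # pin the algorithm, reject "none"
        raise PermissionError("bad signature")
    if claims.get("exp", 0) <= now:           # a missing exp counts as expired
        raise PermissionError("expired")
    return claims

def exchange(iam_token: str, now=None) -> str:
    """Validate the IAM token, look up its parties, return a ledger token."""
    now = time.time() if now is None else now
    sub = verify(iam_token, IAM_SECRET, now).get("sub")
    parties = json.loads(MAPPING_FILE).get(sub)
    if parties is None:                       # unmapped identity: fail closed
        raise PermissionError(f"no ledger mapping for {sub!r}")
    ledger_claims = {"ledgerId": "sandbox", "applicationId": sub, **parties}
    return sign({"https://daml.com/ledger-api": ledger_claims,
                 "exp": int(now) + 300}, LEDGER_SECRET)
```

The short lifetime on the issued token limits how long a removed mapping entry stays usable.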