How would you design a secure authentication and access management approach for consultants working remotely?