There's a couple options to do this.
One is Kentico has in the Context class an Authenticate function that you can bypass everything and just "log in" as a user. This can be utilized with some sort of authentication (make sure it's secure), so when you determine "yes, this is the user, he is authenticated" you can log them in. The below was from kentico 7, but there should be a similar function in 8 and 9
There's also things like Single Signons, which if they are signed into something like Azure's single signon you can redirect users to the Azure SSO page if they aren't authenticated, and if they are already logged in it will send them back and you can log them in.
Hope this helps, there's many options, but just look up the Authenticate method to utilize what you want to do. There may be other options like REST, but i would check kentico's documentation on that.