The Form Authentication within the Kentico Admin and the Public facing website is essentially the same in a standard, non-MVC site in v11. You can use the built-in tools in addition to the
Microsoft.Owin libraries along with the users within Kentico to restrict access to areas all over the Kentico UI and the public site. How you perform those checks will most likely need to be done in your MVC controllers.
Check out the MVC DancingGoat project in version 11 on GitHub, it may help you see where the link between the two will come into play.