Industry standard authentication mechanisms based on security token services should be available and supported out of the box. OAuth support is not enough (and is really pointed toward authorization more than authentication, anyway). This could be handled by enabling the .NET Windows Identity Foundation libraries within the application and providing a GUI to handle the configuration.
Microsoft's ADFS is an example of an STS popular in intranet environments. Others include Thinktecture IdentityServer, Oracle Access Manager, PingFederate, et al.
Note: no one in industry seems to have a nice GUI for configuring the application side of things (lots exist for the STS itself) so this is another way for DNN to differentiate itself in the market.