The terminology varies by vendors but essentially there are authentication portals that users will log into and receive auth tickets. These are forwarded to network gateways, usually encrypted in a vpn tunnel, that allow traffic based on user RBAC, sometimes region or time, etc.

Captive portals are web auth pages for use cases the more structured method doesn't work for. They were envisioned as making you sign in hotel wifi and such but work in the other direction as well by forcing a web user login before allowing traffic from a host for some period of time.