Internally mojoPortal uses its own user objects and user roles, you cannot change this. If you are authenticating against a different source then you need a way to sync users into the mp_Users table or automatically create one if he does not exist at the time of successful authentication. This is what we do for ldap or windows authentication for example.
But user roles will be only from the roles added to the mojoPortal user and the role cookie will only reflect those roles.
The pages and menu items in mojoPortal are already filtered according the allowed page view roles and the user's roles. If a user is not in an allowed view role for a page he will not see the menu item for the page and will not be able to access the page by url.
Hope that helps,