By default K2 uses AD for its authentication and authorisation mechanisms. It also ships with a Security provider which allows you to use a database as an alternative user information provider. You can also build your own custom Security Provider which can be plugged into K2.
The steps to achieve this involves writing a DLL implementing the IHostableSecurityProvider interface (SourceCode.HostServerInterfaces.dll in K2 install directory) and registering it with K2. You will need to update K2 database table entries and also need to sign and copy the DLL into the K2 install directory.
You will implement the methods required to work with your users and groups. K2 will use your code for authentication and authorisation.
This article has some sample code