One of the greatest awesomeness of MongoDB is that it is schemaless, i.e. you are not forced to use some predefined set of columns. Another MongoDB feature is lack of JOINs.

These two statements mean that you may construct any schema you want, but try to have all required info in one collection. For example I used schema like this in one of my applications:

{
  "_id": "student_001",
  "password": "65c20e5a89d6b13df450b50576e2edfb",
  "firstName": "A",
  "lastName": "B",
  "secondName": "C",
  "email": "a@b.c",
  "role": "STUDENT",
  "active": true,
  "paid": 0.6
}

You can use _id for any unique field of any type (not only ObjectId), I use it for logins. You just need to cover basic org.springframework.security.core.userdetails.UserDetails getters with data from this schema, but also you can add additional fields to the implementing class.