There are a few ways to do this.. yes, you could pass this in a data layer, but then the info is available to the front and being sent in all your tracking calls (which people may take exception to as privacy concerns are a rather hot topic right now...
The other option is to use Customer Attributes.. if you have unique customer IDs you should be able to stitch these to data from your account Database through imported files:
https://experienceleague.adobe.com/docs/core-services/interface/services/customer-attributes/attribu...
https://experienceleague.adobe.com/docs/target/using/audiences/visitor-profiles/working-with-custome...
This does require updating the data, but it does avoid sending it into your tracking directly.
You are correct though, in both scenarios, the users must be logged in to know who they are... unless on logout, you are remembering their user ID and still able to stitch those values back to them.
