Might not be quite what you want, but if you just need to block all access to everything unless logged in, then integrating a hosted SSO into your ingress is a simple, low management option.

I've been using an old trafeik setup with Google's SSO, whitelisting certain accounts, and had no problems with it for years.