I have a WordPress site. I’ve developed three simple applications (features for testing) that are hosted externally (currently on Netlify). I want a small group of logged-in users on my site (employees using the service, around 100 people) to test these features. I’ve embedded these applications on WordPress pages using a standard iframe, which works fine, but now I need to add some security measures. Below is the logic I came up with. Please bear with me, as I work as a data analyst and engineer daily—this isn’t my primary area of expertise:

I have a WordPress site. I’ve developed three simple applications (features for testing) that are hosted externally (currently on Netlify). I want a small group of logged-in users on my site (employees using the service, around 100 people) to test these features. I’ve embedded these applications on WordPress pages using a standard iframe, which works fine, but now I need to add some security measures. Below is the logic I came up with. Please bear with me, as I work as a data analyst and engineer daily—this isn’t my primary area of expertise: