I'm starting work on an internal app for an organisation soon which I'll be building on Laravel. They want to use their existing database of users on G Suite (/Google Apps) for authentication, plus us developers we'll also need access (and also have a G Suite account).
Security of this app is important as it'll be handling very sensitive data - so we won't want anyone else authenticating unless they're from one of our two G Suite accounts. I'm aware of Socialite for oAuth authentication which would save us some work - do you think it's a good approach to use in combination with some sort of whitelist which we can check against?
Has anyone else done something similar? What was your approach?