A company seeks to make its sensitive internal website accessible publicly while ensuring that only authenticated employees via the company's OIDC IdP can access it. What steps should a developer take to implement this authentication without altering the website itself? (Select two appropriate actions.)