Your company uses Google Workspace and has an internal application deployed on Google App Engine. How can you prevent an external user from accessing the application, even if an employee's password is compromised?