I recently developed an internal website for one company that requires to be accessible to employees only. I decided to just limit access to by IP address. This way everyone on the office network could access easily, but outside the network they would get an access denied message.