Application access rules for dev pages

I would like to setup my pages domain with the one time authentication, when setting up one time my custom domain all works well. How do you suggest i protect the domain while not impacting onetime login on the other domain or what other suggestions would I have to use one time access on both the project domain production deployment and custom cname associated with it?

configure-apps/self-hosted-apps/ did not really answer my questions but this is what section im working in.