@silverwizard @mhamzahkhan You could also look into Keycloak + (Open)LDAP for an SSO option. I'm thinking you could also run FreeIPA LDAP and set up Keycloak with that for a decent SSO setup for your lab.
I'm still looking into options myself. There are a bunch of ways to do the internet-to-homelab proxying with solid SSO and security throughout and I haven't found out what works for me the best quite yet. Part of it is doing proper implementation of ZeroTrust principles throughout the entire process.