How does this compare to Pomerium or other open source IAPs?
Another contender in this area would be:
https://github.com/oauth2-proxy/oauth2-proxy
I've used that to gate-access to internal things behind gsuite domains, and it supports authentication against github and other providers too.