I am building a PHP application and would like to lock the backend (even login page) to only be accessible to preauthorized people - even further be able to link activities to the authorized individuals.
I am aware that such locking may be done using SSL or a certificate of sort but not sure what it is exactly or how to achieve it. I have seen different companies implement it in ways as mentioned below
At one company, A user fills in a form with details and the company issues a certificate that the user installs on the browser in order to access the backend
Another company, A user is given an exe to run each time they want to access the backend.
My PHP application is running on windows server 2016 and I would like to know how to achieve both or either of the above. A resource or specific would be appreciated.
I am not sure if this question is right here or another Stack Exchange Network, kindly forgive my ignorance.