Unfortunately, in the Qlik side there is nothing out of the box that you may use to prevent unwanted / uninvited users globally, but in the other hand, there is one that could possibly be a some sort of solution, which would required human interaction, one you need to setup a AD with a filter, then this filter will add those user in the QMC, then other people that are not invited, you must identify it, and the in QMC>user> edit user> select "blocked", this will block them and the next time they access they will see a pretty message saying " Your account is inactive. Contact your administrator to activate it." However, for a systematically that can may affect globally, I am not sure is there a way in the network level that you may discuss with you network team, that possibly certain group are allow to access the URL, with a Load balancer rule, etc.