There are a few ways you can handle this and it depends on how you have your sites setup/developed too. If you're using MVC, simply have a subdomain for the user to go to. Pretty simple, no need to obscure anything else.
If you're using portal or aspx, I'd suggest restricting access to the URL's you mention by IP address. You can also restrict it by roles, which is a standard asp.net functionality.