Auth
You can put any kind of a web-server in front of Shiny, e.g. nginx, apache, Caddy, which you can likely configure to hook into your auth system, and then reverse-proxy to the shiny server instance. nginx + Auth0 can be powerful (e.g. https://auth0.com/blog/adding-authentication-to-shiny-server/), and may provide easier or more flexible integration into existing identity providers, if nginx alone isn't workable.
If you're in a larger company or university, their networking experts should be able to help you configure something like a nginx reverse proxy, which could be on the same machine as your app.
Users
In general, I'd recommend against using IP to distinguish users; this seems rather error-prone.
I think @paul is right about reading the user inside the app, unfortunately.
Another option would be to have distinct apps per user, and redirect through the frontend web server. So if "Alice" logs in, the identity provider knows shes user alice, passes that to e.g. nginx, then nginx reverse-proxies to some app, while it would send user bob to a distinct app or path.
Docker and a good continuous integration system would go a long ways towards making this a manageable, not-too-brittle workaround, but I think there's a fair amount of work here regardless.
Best of luck!