Setting up Zero Trust on pfSense

Interesting post. In order for this to be a ZTM model, it needs AAA (even in egress). Is this being done somewhere else in your setup?