WCAG 2.1 Compliance: How does it apply to password-protected web and native apps
As stated in the title, I'm curious if anyone has resources explaining (or experiences with) any adjusted WCAG criteria for "gated" applications. Does something being behind a password wall, with specialized tools and even more advance functionality tied to having a business credit card, fall into the same bucket as general web requirements (I oversee design at a fintech). Fortunately, I'd designed it so that the vast majority of our application is already visually compliant (couple of color contrasts to adjust, but no biggy), but the markup itself has some shortcomings, and it's unclear if it's an all-or-nothing deal for apps that are...pseudo-public.
To be very clear: not looking for excuses to avoid making our application compliant. I have an extensive background in designing public sites and apps for non-profits and government entities, and am comfortable with and a huge proponent of digital accessibility. It's all gonna get done, as fast as possible. However, I have limited resources at the moment, so it's a matter of what is a requisite and should be done first, vs. fast follows.
I've scoured WCAG guidelines, supplemental material, etc., and have yet to find a definitive answer one way or the other. Any advice would be much appreciated.