10 July 2015

Securing Jenkins with OAuth

Jenkins is pretty easy to secure with the help of some useful plugins.

The first that I suggest using is an OAuth provider as the security realm. Our repositories are hosted on Bitbucket, so I'm using the Bitbucket OAuth plugin, but there is also a GitHub OAuth plugin. The setup instructions on the plugin page are very clear.

When you configure Jenkins to use the OAuth security realm, leave the Authorization setting at "Logged-in users can do anything" for now. We'll change this later, but we don't want to get locked out of Jenkins when we apply the security settings. (If you do lock yourself out, the standard recovery is to stop Jenkins, set <useSecurity>false</useSecurity> in $JENKINS_HOME/config.xml, restart, and redo the configuration.)

Now install the Role-based Authorization Strategy plugin (see the plugin page) and select "Role-Based Strategy" as the Authorization setting under Configure Global Security.

Under Manage Roles, add a global role for "Anonymous" and leave every permission unchecked, so that unauthenticated users can do nothing, not even read.

When a user logs in through OAuth without having been assigned a role, Jenkins shows them a message saying that they don't have any permissions. This means that not everybody with a Bitbucket account can access your site, which is a good thing: authentication with the provider and authorization inside Jenkins are separate decisions.

To grant access you just need to add them in the roles plugin settings. Click Manage Jenkins, then Manage and Assign Roles. Click Assign Roles, add the user (using the username as the OAuth provider reports it), then tick the boxes of the roles you want to assign them. Make sure your own account has a role with Overall/Administer before you switch the Authorization setting away from "Logged-in users can do anything".
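As an added example, not from the original post, here is the same end state written as a Jenkins Configuration as Code (JCasC) file, which did not exist in 2015 but is how I would capture this setup today. The key names under the bitbucket realm (clientID, clientSecret) and under roleBased (roles, global, permissions, assignments) are as I recall them from the plugins' JCasC documentation; newer role-strategy releases accept entries with user/group instead of assignments, so check against your installed versions. The users alice and bob and the environment variable names are made up for the example.

```yaml
# Added example: Jenkins Configuration as Code for the setup described above.
# Key names are assumed to match the bitbucket-oauth and role-strategy
# plugins' JCasC support; verify against your plugin versions.
jenkins:
  securityRealm:
    # Bitbucket OAuth: anyone with a Bitbucket account can authenticate,
    # but authentication alone grants no permissions (see below).
    bitbucket:
      clientID: "${BITBUCKET_OAUTH_KEY}"         # hypothetical env var
      clientSecret: "${BITBUCKET_OAUTH_SECRET}"  # keep the secret out of the file

  # Phase 1 (apply this first, while confirming that OAuth login works):
  # the permissive strategy from the post, so you cannot lock yourself out.
  #authorizationStrategy:
  #  loggedInUsersCanDoAnything:
  #    allowAnonymousRead: false

  # Phase 2: switch to the Role-based Authorization Strategy.
  authorizationStrategy:
    roleBased:
      roles:
        global:
          # Give your own OAuth username Overall/Administer BEFORE switching,
          # or you will be the one seeing the "no permissions" page.
          - name: "admin"
            description: "Jenkins administrators"
            permissions:
              - "Overall/Administer"
            assignments:
              - "alice"            # made-up username from the OAuth provider
          - name: "developer"
            description: "Can see, build and cancel jobs"
            permissions:
              - "Overall/Read"
              - "Job/Read"
              - "Job/Build"
              - "Job/Cancel"
            assignments:
              - "bob"              # made-up example user
          # Nothing is assigned to "anonymous" and no role is granted to the
          # built-in "authenticated" group, so a Bitbucket login that is not
          # listed above gets the "no permissions" message from the post.
```

Point Jenkins at the file with the CASC_JENKINS_CONFIG environment variable, apply the phase 1 block first, log in once to confirm the realm works, then enable the roleBased block. After the switch, an unauthenticated request to /api/json should return HTTP 403, and a Bitbucket user who is not listed in any role should see the no-permissions page rather than the dashboard.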
