I am in the process of implementing Cisco ASA 5512-X devices with FirePOWER to replace WatchGuard firewalls. The WatchGuard devices in use are currently wrapping access to various services with a dynamic access list feature of WatchGuard called "WatchGuard Authentication". WG Auth works via the user authenticating to an HTTPS login form hosted by the firewall, then opens access to the services it protects (i.e. access to the services it protects will drop connection attempts if the source IP is not WG Authenticated).
Needless to say, this is quite useful for home users with dynamic public addresses that require access to (hopefully encrypted!) services that you do not want to expose to the entire public.
So on to my question... is there an equivalent to this functionality within the Cisco ASA 5512-X? I am fairly new to the ASA platform and from my research, the only thing I can find is the VPN services (AnyConnect). I would prefer an option that does not require the source to install any VPN client software (but will accept that if it's the only alternative).