Sounds like a captive portal with authentication would be a good fit. Not sure if there is something like that for IPCop, I use it on m0n0wall and pfSense. You can authenticate users off RADIUS using a splash page (web traffic automatically redirected to login page), so you can integrate the authentication into your existing environment (Active Directory, *nix servers, etc.). In m0n0wall and pfSense, once you authenticate to the captive portal, you then have the defined firewall rules applied.
I suggest searching for a captive portal add on for IPCop, maybe such a thing exists.