How to manually set up GitLab Pages *without* DNS wildcard

I am trying to set up GitLab Pages with access restriction (you need to log in first) without a DNS wildcard, which are not available in our organization. However, since we only need it for a single group and GitLab Pages subdomains are based on the group name, I thought it should be possible to set it up without a DNS wildcard domain, since I feel like there must be a finite number of subdomains that I need to set up manually to make it work. But so far it doesn’t - maybe someone here can help?

If our regular domain is gitlab.example.com, the Pages domain is supposed to be pages.example.com. In addition to the main subdomain pages.example.com (which is a CNAME record to gitlab.example.com), I manually set up groupname.pages.example.com and projects.pages.example.com (both as A records), all pointing to the same server. When I try to access groupname.pages.example.com, I get correctly forwarded to the sign in page. Once I sign in, however, I get an error The redirect URI included is not valid., even though the redirect_uri seems to be ok (it points to https://projects.pages.example.com). Thus I am not sure where to go from here… any suggestions?

P.S.: I know about https://gitlab.com/gitlab-org/gitlab/-/issues/17584, but we do not want to wait that long…