I'm sure I'm missing something obvious, but isn't there supposed to be a password protected area of self service? I would like to be able to create policies that are only accessible to my technicians.
Yep, you will need to put the technician group(s) into the Scope for the policy (as a Limitation) to limit it, and only they will see it and only after they've logged into Self Service with their credentials. You will still scope it to all computers.
There is no separate area, but you could certainly create a new category for those policies to accomplish the same thing. Users without access won't see that category.
the "require login with LDAP directory account" setting needs to be enabled under self-service options in the JSS for this to work. If you have LDAP in your JSS, you can scope policies based on LDAP groups and offer them in self-service.
Also note that there is an "Allow users to log in to the login menu to view items assigned to them" option, which is a middle ground between requiring *everyone* to login or not having any user authentication at all. Both are in Settings > Computer Management > Self Service > Login. It's useful if you just want to have a few technician-specific policies hidden away, but in my experience can be problematic from a user education standpoint if you use it too widely.
Yes, I do not recommend forcing every user to log in to Self Service unless you are heavily fencing off policies based on their group memberships (which implies they would have to log in each time anyway, and making it optional makes it confusing).