Azure SSO and limiting scope of user/group

Update: I was able to limit this following the article below:

Good day,

I was given the go ahead to purchase the enterprise license for Pritunl finally and have setup Azure SSO. I have searched quite a bit on this and cannot quite narrow down a way to do this.

Is there a way to limit the scope of who can sign in from our Azure tenant? Such as limit it to a group? Currently anyone who knows the URL could sign in from our tenant, I would like to keep that from happening.

Thank you!

Edit: I believe I might have found my answer right after posting this. Limiting access to the azure app (registration) that was created.

Azure should provide controls over which users can access the single sign-on application.

For providers like Google that don’t provide this organizations can be used instead. Set the default single sign-on organization to one that is not attached to any servers. Then create organizations that match user group names and attach them to the servers. Users in those groups will be matched to an organization. This will prevent users without a matching organization from connecting to a VPN server.