I set up Google as IdP to grant access to a particular app to a group of third-party users. I also use GSuite for our main user base (Okta as IdP, mastered through AD). I have noticed a couple of our users have been popping up in my external user import group. I assume they tried to access Google directly, got the Okta sign-on and clicked on the custom link rather than just importing their AD credentials.
Assuming I cannot restrict who gets the custom link, is there a way to restrict the Google as IdP import by something like email address (the externals who should access the apps have a specific email domain)?
Thanks for reaching out to Okta Support! Since the configuration that you have is pretty much unique, my suggestion will be to open a ticket in order to be able to analyze your environment and see what may be wrong in the setup. At first look, it may be because you may have JIT provisioning and you may have those users in one of your Organizational Units, but the best way will be to check this over the ticket. Hope that you will have a great day!