In the access policy for one time password. I have added allow policy and include to one email : [email protected], when i try to use other other email i dont get otp which is good but how to redirect to no access page.
You don’t. Access doesn’t behave any differently with a valid email address vs. an invalid one by design. Sending an address to a no access page would allow an attacker to enumerate valid email addresses and provide an attack vector for valid accounts.