CF Access / teams rule for OIDC Access only? (SAML works)


I am using the free tier (thank you) of CF Access and wish to restrict users access to only the ones who successfully login through my external OIDC provider.

I am converting from SAML to OIDC but cannot seem to replicate the SAML rule… to its OIDC equivalent …

Deny Users (deny) Includes → SAML Groups: (Role, user)