Hi everyone!
In order to prevent such users logging in through the google social connection, you could check if their domain is gmail or not and prevent authentication by using a Post Login Trigger:
if(event.transcation.protocol === 'google-oauth2' && username.domain != 'gmail.com")
{
api.access.deny('reason");
}
After denying access, you would need to delete the identity created by their login attempt as well.
Kind Regards,
Nik