Questions about multiple organizations authorization

Hi there! Need some help/ideas about the following:

We have 1 tenant, many organizations and social connection via Google / Gmail.

  1. How could I match new users with existing organization by domain? I guess, it’s called Just in Time membership, but couldn’t find the way to do it with our type of connection

  2. Also we should give user an error if matching organization wasn’t found. Now we’re doing it with whitelist rule, but maybe there is a nicer solution?

Many thanks!