As far as I can tell there is currently no way to restrict who can log in via Google OAuth to your CodiMD instance. I'm thinking of something like the --email-domain= setting from the oauth2_proxy.