Rejecting OIDC Azure AD new user registrations (default role)

Hello,

I've recently set-up a BookStack instance (v25.02) for use with OIDC and Azure AD. Works very well from what I've been playing around with. I have created groups for admins, editors, viewers, etc. and assigned their GUIDs to the roles in BookStack.

But what I can't figure out, and what I'd really like to do is to prevent any new default role registrations if the user hasn't been allocated any other role, and reject them at sign-on time (e.g. "you're not in this particular group, no access for you!")

Is there a way of doing this? Any help greatly appreciated.