So if my org has multiple users and multiple machine-to-machine apps. How can we only let a few in without hard coding username’s?
Being machine-to-machine apps can be added to groups, I was hoping to use that but a Developer Support Engineer so far has been unable to get this to work for me, case: 00807774? How are others solving this problem?
Adding custom-groups didn’t work for me - How to get Application Groups instead of User Groups in my token?.