Ah.. ok, this is helpful context. Makes sense now. Two companies, two separate GSuite accounts, but only one OP -- Google.
I think this is outside the scope of what passport is good for. Passport is intended for situations where you have distinct external IDPs for users, e.g.
- `firstname.lastname@example.org` needs to get sent for authentication to `idp.company1.com`
- `email@example.com` needs to get sent for authentication to `idp.company2.com`
A better way to do this might be to limit access in your app based on a specific scope that is requested and obtained when a user authenticates.
So now all users are still sent to Google for authentication, but only users that come back with the right scope are granted access. This is something you would configure in your application though, not your Gluu Server.