Restrict Mattermost Login based on AD group membership?


We have AD (Active Directory) configured on Mattermost Enterprise 9.2.2. We have a need to restrict login to Mattermost for members of a specific AD group. I tried using a custom “User Filter” under Authentication → AD/LDAP so that the application ignores members of the AD group. Basically using a NOT filter (uses ! in the User Filter). I then tried logging into the server and it worked fine on the first login for the user. The error received was “Your AD/LDAP account does not have permission to use this Mattermost server. Please ask your System Administrator to check the AD/LDAP user filter.” However, when the user clicks on the “Back to Mattermost” link or simply logs in again, user is able to login and can join any team set up for “anyone to join”. Is there a way to restrict Mattermost login based on AD group membership? Thanks.