How can I login IAM Modules with an user who has a specific Active Directory Security Group?


I tried to use "Active Directory  User Account (manuel input)" Method and users can login Modules successfully with their AD accounts. But our customer asked me that how can we control the users' permissions? We don't want every AD users can login modules. Only users can login to Modules who are member of a specific AD security group which we will create. Is that possible to manage the authentication method based to AD security Groups?   Which authentication method do we use with what kind of configurations?