Can we restrict External Auth box only