diff --git a/backend/templates/_openid_connect.conf b/backend/templates/_openid_connect.conf
index 9e0589c5..19aa606d 100644
--- a/backend/templates/_openid_connect.conf
+++ b/backend/templates/_openid_connect.conf
@@ -18,6 +18,27 @@ ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
 end
+ {% if openidc_restrict_users_enabled -%}
+ local function contains(table, val)
+ for i=1,#table do
+ if table[i] == val then
+ return true
+ end
+ end
+ return false
+ end
+
+ local allowed_users = {
+ {% for user in openidc_allowed_users %}
+ "{{ user }}",
+ {% endfor %}
+ }
+
+ if not contains(allowed_users, res.id_token.email) then
+ ngx.exit(ngx.HTTP_FORBIDDEN)
+ end
+ {% endif -%}
+
 ngx.req.set_header("X-OIDC-SUB", res.id_token.sub)
 ngx.req.set_header("X-OIDC-EMAIL", res.id_token.email)
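Review bot: The allowlist gate keys on `res.id_token.email` without checking `email_verified`, so with any identity provider that issues ID tokens carrying an unverified, user-editable email claim, an attacker can register an allowed address and pass the check; the condition in front of `ngx.exit(ngx.HTTP_FORBIDDEN)` should also require the claim to be verified, e.g. `if not res.id_token.email_verified or not contains(allowed_users, res.id_token.email) then` (or key the allowlist on `sub`, which the hunk already trusts for `X-OIDC-SUB`), and note the match is exact and case-sensitive, which is fine only if entries are documented as byte-for-byte. Each `{{ user }}` is spliced into a Lua string literal unescaped, so an allowlist entry containing `"`, a backslash or a newline breaks or alters the generated Lua — validate entries in the backend as plain addresses before rendering, or escape them with a filter whose escapes the Lua runtime in use accepts (confirm, since JSON-style `\uXXXX` is not valid in every Lua). A denied request currently exits with no record; an `ngx.log(ngx.WARN, "OIDC user not in allowlist: ", tostring(res.id_token.email))` before the exit gives operators something to alert on. Inside `contains` the parameter named `table` shadows Lua's standard `table` library; rename it to `list`. The enclosing access-phase Lua block starts before this hunk and continues after it.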