[keycloak-user] Limit Google authentication by domain?

Hi, is there a way to limit the Google authentication to only work for users that have a Google account in a specific Google app domain? Right now it seems that anybody with a Google+ account can login once you enable it. Is there an out-of-the box way to get this done though configuration and if not what would be the simplest way to implement this? Thanks