I've been exploring setting up OpenID Connect to allow our our customers to sign into NS customer center, only to see this in the NS OIDC documentation: "Enter the allowed email domains as comma-separated values. You cannot leave this field blank. Users with email address domains that are not listed in this field cannot access NetSuite using OIDC." What the heck? why does NS require us to whitelist domains? This completely defeats the purpose.