As a Cloud Identity administrator for your organization, you oversee the management of user permissions through groups in your Google Cloud environment. Each application team has its dedicated group, with the respective teams managing their members independently via the Google Cloud console. You need to ensure that these application teams can only add users from within your organization to their groups. What action should you take?