At the moment all users from directories mapped to applications in Crowd are synchronized to those applications, however, not all of them have access and can log in.
Client applications should only see users who have been allocated to them.
Only synchronize users (to application) who has access to it
This feature request is concerning Users. For feature request concerning groups, see:
CWD-432 Client applications should only see groups which have been allocated to them