The problem is in the way the rules are configured.
For example, the Toyo Rep rule is defined as:
Allow? IF Session SecurityAssist_ID Not Equal blank value
Allow? IF Session emailVerified Equal 1
Allow? IF Session Level In Group Toyo Rep
This evaluates as success because the Session SecurityAssist_ID is Not Equal blank value.
When using multiple conditions like this, the first condition that can be answered causes the rule to be true.
The way to configure this would be:
Restrict? IF Session SecurityAssist_ID Equal blank value
Restrict? IF Session emailVerified Not Equal 1
Allow? IF Session Level In Group Toyo Rep
So the way that would be evaluated is:
Restrict? IF Session SecurityAssist_ID Equal blank value - session is not equal to "", no answer, so move to next
Restrict? IF Session emailVerified Not Equal 1 - session is equal to 1, no answer, so move to next
Allow? IF Session Level In Group Toyo Rep - OK, session is in group, so allow, success
Or if the session was not in group, it would be false, so restrict.
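The two configurations above, run through a small first-match evaluator, as an added example that is not part of the original reply or the product's own code. The evaluator, the group contents and the sample sessions are constructed, and it assumes a rule that no line answers ends in restrict.

```python
# Model of the first-match evaluation described above (assumed semantics,
# not the product's implementation): the first condition that is true
# answers the rule; if no line answers, the request is restricted.
OPS = {
    "eq": lambda value, operand: value == operand,
    "ne": lambda value, operand: value != operand,
    "in_group": lambda value, operand: value in operand,
}

# Constructed group membership: levels that belong to the "Toyo Rep" group.
TOYO_REP_LEVELS = {"toyo_rep"}

def evaluate(rule, session):
    """Return 'allow' or 'restrict' from the first condition that answers."""
    for action, key, op, operand in rule:
        if OPS[op](session.get(key, ""), operand):
            return action      # condition matched: this line decides the rule
    return "restrict"          # assumption: nothing answered, so deny

MISCONFIGURED = [
    ("allow", "SecurityAssist_ID", "ne", ""),
    ("allow", "emailVerified", "eq", 1),
    ("allow", "Level", "in_group", TOYO_REP_LEVELS),
]
CORRECTED = [
    ("restrict", "SecurityAssist_ID", "eq", ""),
    ("restrict", "emailVerified", "ne", 1),
    ("allow", "Level", "in_group", TOYO_REP_LEVELS),
]

# Constructed sample sessions.
SESSIONS = {
    "toyo rep, verified": {"SecurityAssist_ID": "1001", "emailVerified": 1, "Level": "toyo_rep"},
    "logged in, other level": {"SecurityAssist_ID": "1002", "emailVerified": 1, "Level": "customer"},
    "toyo rep, unverified": {"SecurityAssist_ID": "1003", "emailVerified": 0, "Level": "toyo_rep"},
    "anonymous": {},
}

def compare():
    """Map each sample session to (misconfigured result, corrected result)."""
    return {name: (evaluate(MISCONFIGURED, s), evaluate(CORRECTED, s))
            for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, (bad, good) in compare().items():
        print(f"{name:24} misconfigured={bad:9} corrected={good}")
```

With the all-Allow rule, any session that has a SecurityAssist_ID is allowed regardless of level or email verification; with the Restrict-first rule, only the verified Toyo Rep session is allowed.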