You can save the user's access group in the session using the saved values tab in the Authentication server behavior. Then you can check the value of the session variable on the restricted pages to redirect to the failure/login page if they don't have access.
This does require a bit of hand coding in the current version if you don't have DataBridge. Just use code like this on the top of the page:
<?php
@session_start();
if (!isset($_SESSION["AccessGroup"]) || !in_array($_SESSION["AccessGroup"], array(1, 2, 3))) {
header("Location: loginpage.php");
die();
}
@session_commit();
?>
This would check the saved value "AccessGroup" and if it isn't equal to 1, 2, or 3 then it redirects to loginpage.php.
You could adjust those values to fit your application.