I'm trying to understand how to allow certain users on a policy that has an Unsanctioned App. Basically, I don't want the whole organization to have access to it but only authorized users. Therefore, is there a way to allow this? I've tried to but I automatically get blocked even if there's a policy for the allowed users placed above the "Block Users to ___". Any suggestions would be great.