How to restrict who can sign in Chronograf?

I am running a reverse proxy on Chrnograf via Nginx such that anyone can view my website which is

Naturally, I want to have control over who views, so first I added an OAuth per these instructions in the docs here.

However, now anyone can authenticate and again have access to Chronograf.
My next goal is to limit (and have control) over who is permitted to access Chronograf.

Since there is no Login option, I understand that this can be achieved via GitHub organizations by placing GH_ORGS= as an environment var.

Even when I do this, still anyone can access.

Am I misunderstanding here and how can I achieve the goal of having control over who has access?