diff --git a/.gitignore b/.gitignore
index 6906cf8..979a58a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,7 @@ composer.phar
 
 # Commit your application's lock file http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file
 # You may choose to ignore a library lock file http://getcomposer.org/doc/02-libraries.md#lock-file
-# composer.lock
+composer.lock
 
 ### PhpStorm+all ###
 # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
diff --git a/Classes/ResourceServer/GitLab.php b/Classes/ResourceServer/GitLab.php
index 0785e6d..6e7a1e4 100644
--- a/Classes/ResourceServer/GitLab.php
+++ b/Classes/ResourceServer/GitLab.php
@@ -55,6 +55,10 @@ class GitLab extends AbstractResourceServer
      * @var bool
      */
     private $userDetailsLoaded = false;
+    /**
+     * @var bool
+     */
+    private $blockExternalUser = false;
     /**
      * @var array
      */
@@ -71,6 +75,7 @@ public function __construct(array $arguments) {
         $this->adminUserLevel      = (int)$arguments['gitlabAdminUserLevel'];
         $this->gitlabDefaultGroups = GeneralUtility::trimExplode(',', $arguments['gitlabDefaultGroups'], true);
         $this->userOption          = (int)$arguments['gitlabUserOption'];
+        $this->blockExternalUser   = (bool)$arguments['blockExternalUser'];
 
         $this->oauthProvider = new GitLabOAuthProvider([
             'clientId'     => $arguments['appId'],
@@ -155,6 +160,9 @@ public function loadUserDetails(ResourceOwnerInterface $user): void
                     $accessLevel = max($accessLevel, $sharedGroup['group_access_level']);
                 }
             }
+            if ($this->blockExternalUser && $user->isExternal()) {
+                $accessLevel = 0;
+            }
 
             $this->gitlabProjectPermissions = [
                 'access_level' => $accessLevel
diff --git a/README.md b/README.md
index 91190aa..05ea246 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,7 @@ Mfc\OAuth2\ResourceServer\Registry::addServer(
             'gitlabAdminUserLevel' => \Mfc\OAuth2\ResourceServer\GitLab::USER_LEVEL_DEVELOPER, // User level at which the user will be given admin permissions
             'gitlabDefaultGroups'  => 0, // Groups to assign to the User
             'gitlabUserOption'     => 0, // UserConfig
+            'blockExternalUser'    => false // Blocks users with flag external from access the backend
             'projectName'          => 'your/repo', // the repository from which user information is fetched
         ],
     ]