OpenId with google let all user to be connected

I have configure ELastic cloud with OpenId using google succesfly and i can logged in with my email.'
My problem is every gmail account can be logged in

There is any way to restrict only access to chosed users and manage their roles.

In google documentation we have obligation to check our database.

https://developers.google.com/identity/protocols/OpenIDConnect#authuser
After obtaining user information from the ID token, you should query your app's user database.

Just a clarification for future readers, that this means "every user in your Gmail tenant" and not every gmail user

I would argue that this is something that needs to be restricted on the authenticating side , i.e. the OpenID Provider, which is Google in your case. If google doesn't offer that feature/functionality, then what you can do on the Elastic Stack side is to create role mappings that only assign the necessary roles to specific groups of users. Then all the others ( that are not intended to log in ) will get no roles and as such will get a 403 from Kibana.