Only allow claim if user part of candidate group

I am connecting to LDAP for getting the groups and user details.
And in the bpmn assigning the user task to a candidate group.

How can I restrict that only members part of that group should be able to claim the task ?