Apart from email verification, where gating is supported, all of these checks are business logic and need to be performed in your application.

The current solution is to put the value into the JWT as a custom claim using this lambda: https://fusionauth.io/docs/v1/tech/lambdas/jwt-populate/

And then have your application check this when it is verifying claims (as it should do).

There are some open issues on this: