SSO across 3 sites. Can you keep a user from accessing one of them?

I have a customer who hopes to implement SSO across 2 WordPress sites and a custom-built site. A user might be registered on two of the sites, but not on the third, which is one of the WordPress sites. Is there a way to keep it like that, so if the user wants access to the third site they wouldn’t be able to login and would have to go through the registration process for that site?