User Profile

Hi all, I am trying to integrate IAP for one of my app. It contains courses for users to purchase. So as per apple In-app purchases , payments are associated with apple id with appstore. But we need to maintain payments associated with our application user accounts.  So how do we keep the relation of apple id used for payments and our application user account, so that we allow payments only with associated one’s. If user is using same device with different login credentials of app.   I see receipt is what we get access to identify apple id payments in a device, if so what info should we consider in receipt to associate our application user account? My app includes subscription products as well, so i couldn't just rely on original transaction id. Eg. user 1 purchased subscription product 1 of group 1 and user 1 logs out and user 2 login in same device and tries to purchase subscription product 1/2/3 of same group 1. I want to deny access to that user. Is this possible? and is this fine to deny user in this case?