At the moment, there’s no straightforward way to do that. If I have to do this, maybe the only way is associating an email with X lines of device fingerprinting info/IP address.
Every time a user logs in, you check their device fingerprinting/IP address against the list of info you already have from their previous logs in. If they have crossed the allowed number, then you don’t allow them to access content.