Entire SSO groups can be mapped to specific Cyral roles, whose permissions can be customized in your Cyral Control Plane. Cyral roles allow users to do things like create new sidecars, write policies, or add new integrations.
To map an SSO group to a role, navigate to the Account Users tab in the Control Plane and select "Manage Roles".
The default Cyral roles are Super Admin, Admin, User, and Developer. To map an SSO group to those roles, simply click on the role name at the top of the column in the "Manage Roles" pop up and then select "Add New Mapping" to map the SSO group.
To create a custom role, click on "Add New Role" from the "Manage Roles" pop up. Select the desired permissions, give your role a name, and map your SSO groups.
Manage Roles Pop Up:
Create a Mapping: