After the authorizations load, map the SaaS application authorizations to the Active Directory groups.
In the right pane of the PolicyMapping page, click the drop-down arrow, then select the desired SaaS connector.
In the Role Name column on the left, select the group from Active Directory you want to map to an authorization from the selected SaaS connector, in the right pane.
Drag and drop the desired authorization from the SaaS connector, in the right pane, to the center mapping pane.
(Optional) Select Approval, if an approval is required to grant access.
NetIQ recommends a maximum of 2,000 simultaneous approvals. For more information about approvals, see Section 6.0, Approving Requests.
Click Apply, then OK to map the SaaS authorization to the Active Directory group.
The mapping grants any users of the existing group authorization to the SaaS application resource. Add new users to the mapped group, and they automatically receive the authorization for the SaaS application as long as they have a user account authorization.