Each identity source can contain different roles that appear on the Policy Mapping page:
Active Directory: groups, local groups, and global groups
eDirectory: group
Other Identity Sources: roles for JDBC and SSUS identity sources
Each application contains different authorizations that appear on the Policy Mapping page:
Google Apps: user and groups
Office 365: account, groups, and license
Salesforce: groups, roles, and profiles (account types)
Other Applications: appmarks for Bookmarks or other applications that require mapped authorizations for entitlements instead of Public access.
Provisioning applications support mapped authorizations only for users in Active Directory, eDirectory, and JDBC identity sources. For more information, see Requirements for Provisioning
in the CloudAccess Connectors Guide.