Understanding group attribute values to roles mapping
As part of managing their users, partners typically assign them role-based values (also known as group attribute values), such as Sales Managers, Service Managers, etc. However, we do not have visibility into their user directories and one partner may name the value "Sales Managers" while another partner may name it "SalesTeamManagers". To organize these group attribute values, we have created a group construct in the federated directory service. As the systems administrator in the host tenant, you can create host groups (for example "Mgrs-Sales" group) in which to map the group attribute values (for example the "Sales Managers" and "SalesTeamManagers" values). This host group can then be added to roles in your tenant. The diagram below demonstrates this flow.