Using SAML for SSO with Active Directory

We've got SAML working for SSO when using accounts added in manually to the app, but i'm wanting to understand better how we go about this when using Active Directory.   All our apps have their own specific AD groups, with one for User, SuperUser, and Admin roles. So what we want to be able to do is that when a user goes to the app URL SAML will check what AD groups they are in, and then if they are in the User group it will create them an account in the app with the User role etc...   Do we just need to use CustomUserProvisioning microflow to use the group information provided by SAML to set the right user role...?   Is this possible...?  
1 answers

Hi Justin,

Yes, if You have custom logic in user-provisioning then you can implement your own logic in Customer provisioning. 

For more information you can follow the below documentation

Custom Microflow name should start with Custom   and should be configured in SAML Configuration.