# Group mapping
With some type of external connectors, Cusna allows to define static rules to assign external users to a destination Group in Cusna, based on some criteria.
In general, the feature allows to statically define the mapping form a source group id (which definition depends on the IdP used) and the destination Cusna [Group](https://docs.cusna.io/service-management/groups).
{% hint style="info" %}
For most IdPs, you also have the option to make sure that only users that are mapped to a group are granted access to the service, by enabling the option **Authorize only members of mapped Groups**
{% endhint %}
### **Microsoft Entra (oAtuh)**
In case of Microsoft, it possible to crete rules that map the Azure Group ID into a Cusna Group. You can select the Microsoft Entra ID Group form a dropdown menu
### **Google (oAtuh)**
In case of Google, it possible to crete rules that map the Google Group into a Cusna Group. You can select the Google Group form a dropdown menu.
### **SAML**
In case of SAML integration, for most systems, it possible to crete rules that map the source Group into a Cusna Group. You need to enter the SAML Group identifier manually in the Source Group ID input.
#### Microsoft Entra
For Microsoft Entra ID, you need to enter the value of the Object ID of the Group that you can find the in the Azure Portal.
