• Evaluate the groups created in Identity Cloud Service as a result of sync with external Identity Provider and determine whether to use them for Just In Time provisioning purpose.

• Login to the OUAF-based application and set up Template Users that represent authorization levels corresponding to the Identity Cloud Service groups synchronized from the external provider.

• Configure the Identity Cloud Service Group - Template User mapping in the Master Configuration.