If the external directory includes group information in its security tokens, you can add a mapping between the External Group Names attribute in PingOne and the inbound attribute name from the external directory.
Note:
For LDAP Gateway connections, the group associated with the user is provisioned to PingOne only on the initial user migration.