While configuring
Group Mapping in the
Cloud Identity Engine performs username-to-user group mapping,
those usernames and user groups do not populate to security policies.
To simplify the creation or modification of user- and group-based
policies, you can use a Master Device to add the group names to
drop-down lists in security policy rules. You need to designate
a firewall as a Master Device for each device group. After you add
a Master Device, the device group inherits all policies defined
on the master device; for this reason, it should be a standalone, dedicated
device to be used for that device group.