Edit the kPow application within the AWS SSO dashboard and navigate to "Attribute Mappings".
Add the following Roles mapping to ${user:groups}
In this case we are using a user's assigned groups as their role for kPow RBAC configuration.
Each of the Roles in this example will have the value of the GUID of the AWS SSO group.
If you are using AWS SSO with Active Directory you may find the Group SID from AD in place of the AWS SSO Group GUID in ${user:groups}
You can find the AWS SSO Group GUID from the AWS console in the URL params:
If you are using Active Directory or an external IdP as your identity source for AWS SSO you can use a supported directory attribute like {dir:....} to map attributes from AD to AWS SSO. For more info visit the AWS documentation.