Per Official Single-Sign-On for Discourse (sso), you could have your SSO provider include the groups, add_groups, and/or remove_groups keys to modify Discourse group membership based on the roles in your application (see the section in the top post there titled Specifying group membership).
1 Like