Hi,
If I face such a scenario I would follow the below steps,
1. Login to Virtual DataPort Administration Tool.
2. Navigate to “Administration” tab.
3. Click on “Role Management” and “New”.
4. Add a Role with its name being the newly created group ID in Azure AD.
5. Select the rule and click on “Assign Privileges.”
6. Grant the “**[CONNECT](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#connection-privilege)**” privilege against the required databases.
By doing so, the user now has roles matching the group created in the Azure AD, with necessary privileges in both the Solution Manager and the Virtual DataPort and would be able to connect to the Design Studio.
For more information, you could refer to the **[Authorization](https://community.denodo.com/docs/html/browse/8.0/en/solution_manager/administration/authentication_and_authorization/authorization/authorization#authorization)** section of the Solution Manager Administration Guide and the **[User and Access Right in Virtual DataPort](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#user-and-access-right-in-virtual-dataport)** section of the Virtual DataPort Administration Guide.
Hope this helps!