In order to create users and roles to access a Virtual Database, I would create them in the Virtual DataPort server and not the Solution Manager.
You can take a look at the [Administration of Databases, Users, Roles and Their Access Rights](https://community.denodo.com/docs/html/browse/latest/en//vdp/administration/databases_users_and_access_rights_in_virtual_dataport/administration_of_databases_users_roles_and_their_access_rights/administration_of_databases_users_roles_and_their_access_rights#administration-of-databases-users-roles-and-their-access-rights) section of the Virtual DataPort Administration Guide for more information
For the SSO configuration, if the Solution Manager is configured to use SSO using Kerberos, then I would ensure that the tools (Virtual DataPort Administration Tool, etc) are also configured to authenticate using Kerberos.
Suppose if you still need help and if you are a valid support user then you can raise a support case on [Denodo Support Site](https://support.denodo.com/) so that our support team can help you
Hope this helps!