If you use RADIUS instead of SDI, you can pass the group information from RSA to ASA. In RSA, install RADIUS server, create profiles for the groups you have in ASA. The group profiles in RSA have to match the profile names in ASA. For each RSA pro...