Hello @Gordhan,
did you have the chance to give a look at the documentation, as @Damo kindly pointed out?
In short: In viya you have 2 kinds of authentication, depending on the app you use. For programming interfaces, you need a host authentication (the host must able to authenticate with that account). Visual interfaces can authenticate against AD/LDAP, Kerberos, SAML or OpenID. For CAS (SASStudio) sessions installed on Full deployment (programming AND visual interfaces) you will need to authenticate against both resources.
Once this is defined (during initial deployment), you can manage permissions from the SAS Environment Manager (and in the OS level). You can decide the roles, etc. Group memberships will always be defined by the external authentication.