You can use Microsoft LDAP integration to define groups in each of the role categories of "Administrator","Architect","Operator" and "Guest". Select "WFA Configuration" in the "Administration" menu. The configuration is setup in the "Autjentication" tab. Be aware that a user will need to login to WFA before you can add them to a category. This setup will allow you to use active Directory groups to manage user access to WFA roles only.