Cisco VPN and Entra ID SSO

Hopefully I can articulate what I am asking for successfully. I have successfully setup SSO with Cisco and Entra ID, users get prompted, authenticate and it's successful. The problem is prior to setting up SSO I was just using a radius server with multiple profiles and groups that would give users different access to resources and access lists. Now with SSO, and Anyconnect App in Entra it seems I can only use one Cisco VPN profile and can't control users access to resources. I am using mulitple Entity ID's and Reply URLs in the cisco app in Entra but only works with the default ones.

Basically I need to control users on VPN acess via access lists and groups, but can't figure out out to do that since moving to Entra SSO. Any help would be great.