Azure AD - AWS SSO Integration

I'm attempting to integrate Azure AD with AWS SSO. I'm at a point where I need to create AD Groups and assign users to those AD Groups. The personnel in my company are located in different cities/regions of the country, and many of them are members of the same business units; therefore, there are several distributed teams. Would it be best to set up AD Groups by City/Region or by Business Units, or is there a better way to do this? I want to employ the best and most efficient method possible for creating AD Groups. If you could assist, I'd really appreciate it.



