Do permissions follow the same model everywhere with SSO or do you now have to set up permission logic everywhere for new customers? Like company A uses "admin" as role while company B uses "management" for essentially the same role?