Description:

The users in our sso environment are members of one of several groups. When they access an application in our sso environment, we'd like sm to return to the application the user's group name in a header variable.

Solution:

SM_USERGROUPS is a response group that contains a (^) delimited list of the groups to which an authentiated user belong. It is a parameter documented in the SiteMinder Policy Server guide.

SM_USERGROUPS is just a SiteMinder Generated User Attribute that can be used if desired, set as an HTTP Header response, that fires on authentication or authorization.
It is populated by creating the response as a User Attribute with both a variable and attribute name of SM_USERGROUPS.
It will have a value as follows: SM_USERGROUPS=<%userattr="SM_USERGROUPS"%>
This will return a header response with the value of any group that the user is a member of : for example :
SM-USERGROUPS cn=Engineers,o=ca.com