SharePoint is not authorizing Siteminder users via group. If the same users are explicitly given access to the SharePoint application, they are allowed access.
SharePoint is not receiving the list of groups via the expected attribute name: smusergroups
All supported releases of SharePoint Agent
In this case, although the attribute mapping had the correct name in the user store properties, a different name was given to the assertion attribute within the Legacy Federation properties. Renaming the assertion attribute to the expected 'smusergroups' allowed users to access the SharePoint application via group.