Yes we can do it. In SSO Authentication Activity "pySAMLWebSSOAuthenticationActivity" only pega will create Operator by using the Modal Operator information which you provided, the activity which is responsible for creating operator is "pyEstablishOperatorContext" this activity will get called in Authentication Activity. So after this activity got executed you can have your custom logic to append the additional Access Group to Operator which newly created.
Thank you Gunasekaran.. we are configuring the auth service in 8.1. I am able to successfully set up SSO without Pre-authentication and Post-authentication activities.
However getting "Login terminated because a post-authentication activity or policy failed" error while adding pySSOPostAuthenticationActivity under advanced configuration settings. Does 8.1 version supports post authentication? If not, how to configure multiple access groups ?