Assign users to Extended Access security groups