Google SSO Integration

Does the default claim mapper work with Google SSO to allow you to specify some users (or groups) to only have read access via web UI? Or is this something that has to be done by writing a custom plugin?