There are multiple ways to implement custom authentication with AzMan but if you are using an approach with custom SIDs (security identifiers), you should be aware of the data type for a SID.
Each sub authority is of type ULONG (32 bit) numeric which means numbers less than 4294967295 and no hex characters. So the format recommended for a Custom SID is S-1-9-1-1 through S-1-9-4294967295-4294967295. There is no validation based on sub authority either e.g. S-1-5 isn’t evaluated in AzMan any different from any other but you run the risk of collision with well known SIDs or prod AD SIDs . ( Thanks Sudheer! )