1) If you use the authorization code flow and return both access_token and id_token, the id_token claims will not contain groups; only bearer + access_token using the user endpoint will contain groups.
2) If you use the implicit flow and request id_token alone, it will contain the groups; requesting access_token alone will also contain groups.
3) Using your org or authorization server should both work in the same way.
4) You need OIDC APP -> SignOn Tab -> Groups claim: groups, Regex .*
Following these instructions, I can get "Okta" groups, but I cannot get any Active Directory groups that the user belongs to. I have AD syncing set up with the agent. I have users in AD groups and can see both in the Okta interface. But the calls to get the access token or id token return "Everyone" as their only group. How can I get Active Directory groups for a user in the access token or id token? Or is there some other way to get groups for a user when they log in?
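An added example, not part of either post: a diagnostic that reports which source (id_token, access_token, or the user endpoint response) carries the groups claim, and flags the "Everyone"-only result described above. It assumes the claim is named `groups` as in step 4; the tokens and the user endpoint response are constructed samples, and signatures are not verified, so use it for troubleshooting only and not for authorization decisions.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying its signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def groups_report(id_token=None, access_token=None, userinfo=None, claim="groups"):
    """Map each source to its sorted group list, or None if the claim is absent."""
    sources = {"userinfo": userinfo}
    for name, token in (("id_token", id_token), ("access_token", access_token)):
        try:
            sources[name] = jwt_claims(token) if token else None
        except ValueError:
            sources[name] = None  # opaque or malformed token: nothing to inspect
    report = {}
    for name, claims in sources.items():
        value = (claims or {}).get(claim)
        if isinstance(value, str):
            value = [value]  # tolerate a single group returned as a string
        report[name] = sorted(value) if value is not None else None
    return report


def only_everyone(report):
    """True when groups came back but the only one anywhere is 'Everyone'."""
    seen = {g for groups in report.values() if groups for g in groups}
    return seen == {"Everyone"}


def sample_jwt(claims):
    """Build an unsigned, constructed token for this demo; not a real Okta token."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "constructed-signature"])


# Constructed sample data mirroring the authorization code flow case in the thread.
SAMPLE_ID_TOKEN = sample_jwt({"sub": "00u-constructed", "name": "Sample User"})
SAMPLE_USERINFO = {"sub": "00u-constructed", "groups": ["Everyone"]}

if __name__ == "__main__":
    report = groups_report(id_token=SAMPLE_ID_TOKEN, userinfo=SAMPLE_USERINFO)
    for source, groups in report.items():
        print(f"{source}: {groups}")
    print("only 'Everyone' returned:", only_everyone(report))
```

Any group membership used for access control should come from a token whose signature, issuer and audience have been validated, not from this unverified decode.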