Hi fuhresk8,
Could you please configure "AD1:memberOf" instead of "AD1:ExternalGroups" to check whether the authorization is working fine.
We suspect that this is the permission issue to fetch the "TokenGroups" attribute.
Please let us know the re...
