We are currently working with Elastic Cloud and Azure AD and trying to log in to Azure with normal AD groups. This is done via role mappings and OIDC. This seems to work fine. However, once we use a native Azure AD group, it doesn't seem to work anymore. Is there a difference between both? Tokens maybe?
We use this guide to configure the whole thing:
Set up OpenID Connect with Azure, Google, or Okta | Elasticsearch Service Documentation | Elastic