how to fix "User not in group", if I add OIDC_GROUP_NAME

[AlexMidili]

Hello everyone, I have this problem: after successfully logging into Keycloak, I can't access MLflow with the error "User not in group." (add a picture)

After examining the code, I realized that the issue is with OIDC_GROUP_NAME.
I have the following questions:

1. Does this parameter depend on the group passed from Keycloak, or does it depend on the group embedded in MLflow?
2. If it depends on the embedded group in MLflow, how can I use mlflow-oidc-auth to add a group to MLflow so that I can finally log in to MLflow?
   Can anyone help, please

[kharkevich]

This question is related to the OIDC provider configuration side.

In case of using a generic OIDC provider, you should configure extended attributes mapping to have groups in the claim.
To configure it, please refer to your OIDC provider documentation.

For example:
https://developer.okta.com/docs/guides/customize-tokens-groups-claim/main/
https://stackoverflow.com/questions/56362197/keycloak-oidc-retrieve-user-groups-attributes