OIDC Enterprise Connection Does Not Call /userinfo Endpoint

Overview

This article addresses a situation where an Identity Provider (IdP) does not share user claims in the id_token. 

Applies To

  • Identity Provider (IdP)
  • OpenID Connect (OIDC)
  • Claim Mapping

Cause

The context.userinfo object is not mapped.

Solution

Okta's new OIDC attribute claims mapping function automatically calls the /userinfo endpoint if the source of a data element is mapped from the context.userinfo object.

  1. Navigate to Dashboard > Authentication > Enterprise and choose the OIDC provider.
  2. Set the User Mapping accordingly. Refer to the Group claim mapping documentation.

For example:
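
A minimal model of the behaviour described above, as an added example that is not Okta's code: the `${context...}` template syntax, the `context.tokenset` source name for id_token claims, the `FakeIdP` class and all sample claims are assumptions constructed for illustration. It goes one step beyond the article by also applying the OIDC Core rule that a UserInfo response is discarded when its `sub` differs from the id_token's.

```python
import re

# Constructed sample data for a hypothetical IdP that keeps id_tokens minimal.
ID_TOKEN_CLAIMS = {"sub": "idp|123", "email": "ana@example.com"}
USERINFO_CLAIMS = {"sub": "idp|123", "email": "ana@example.com",
                   "groups": ["finance", "admins"]}

# Assumed template syntax: "${context.<source>.<claim>}".
REF = re.compile(r"^\$\{context\.(tokenset|userinfo)\.(\w+)\}$")


class FakeIdP:
    """Stand-in for the IdP; counts /userinfo requests."""

    def __init__(self, userinfo_claims):
        self.userinfo_claims = userinfo_claims
        self.userinfo_calls = 0

    def userinfo(self):
        self.userinfo_calls += 1
        return dict(self.userinfo_claims)


def parse(mapping):
    """Return {attribute: (source, claim)}, rejecting malformed templates."""
    parsed = {}
    for attr, template in mapping.items():
        m = REF.match(template)
        if m is None:
            raise ValueError(f"unsupported template for {attr!r}: {template!r}")
        parsed[attr] = m.groups()
    return parsed


def build_profile(mapping, idp, id_token_claims=ID_TOKEN_CLAIMS):
    """Resolve the mapping, calling /userinfo only if the mapping needs it."""
    parsed = parse(mapping)
    context = {"tokenset": id_token_claims}
    if any(source == "userinfo" for source, _ in parsed.values()):
        userinfo = idp.userinfo()
        # OIDC Core 5.3.2: discard a UserInfo response whose sub differs.
        if userinfo.get("sub") != id_token_claims["sub"]:
            raise ValueError("userinfo sub does not match id_token sub")
        context["userinfo"] = userinfo
    return {attr: context[source][claim]
            for attr, (source, claim) in parsed.items()
            if claim in context[source]}


# Constructed mappings: the first never touches context.userinfo.
TOKEN_ONLY = {"email": "${context.tokenset.email}",
              "groups": "${context.tokenset.groups}"}
WITH_USERINFO = {"email": "${context.tokenset.email}",
                 "groups": "${context.userinfo.groups}"}
```

With `TOKEN_ONLY` the resulting profile has no `groups` attribute and the IdP receives no /userinfo request; with `WITH_USERINFO` exactly one request is made and `groups` is populated.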

 
