I'm getting hit and miss results with federated groups and I'm not sure if what I'm seeing is by design or if I goofed somewhere. The admin guide wasn't super clear for this setup, but here's how my environment is set up.

We have a hybrid AD infrastructure. I've created a domain OU with security groups for each dept. I'm syncing this OU to Azure. My groups are all showing up in Azure. I created an enterprise application for SSO and that's working. I then created a federated group for each AD group using its Object ID in Azure. Where I'm running into issues is even though my AD infrastructure is set, the inherited groups are not showing up for my users. They do for my user account, but no others.

When setting permissions, I set the linked LF group for the federated group I want, and when checking the active permissions for a given user, none of the permissions for that group are showing.


My account:


Another LF Admin (and like every other user account):


Here's my LF Cloud SSO config:


Here's my Azure attribute settings:


Any help would be greatly appreciated.



