AzureAD + Socialite and Scope/Claims

I have had LibeNMS up and running for quite some time now and was wanting to get it working with AzureAD using the Socialite plugin. The directions on docs.librenms.org (Oauth/SAML support - LibreNMS Docs) does a great job going step by step for the Microsoft side of things to get it working, and it now works great. However, I have two groups that I was hoping to set up to automatically set roles, and I can’t for the life of me figure out what I am doing wrong. Once you get to the ‘Claims / Access Scopes’ section of the documentation, it goes over setting these with Okta, but nothing for Microsoft/AzureAD. I tried setting group attributes over on the app registration:

I even tried going to the Enterprise Application and setting it under ‘Additional Claims’, with the hopes that it would bring this attribute in (I just took the groups and set a value that matched the value that it is expecting for each role). I ran this:
lnms config:set auth.socialite.scopes.+ groups

and then set the groups in the LibreNMS GUI for the socialite settings to set those values to roles. Still no luck. I feel like I am close and am just missing something super trivial, but can’t seem to figure it out…

When I added the group stuff for Okta I had a go at getting it working with AzureAD free tiers or something but had no luck. It may have changed since then (I don’t remember seeing that ‘+Add group claim’ option …

It may also need some work on the socialite provder (?) and/or the LibreNMS code.

Good luck and if you get it working please feel free to update the documentation with whatever magic is required.