User not a member of one of the required groups - OKTA

we are using Grafana Community v8.1.0 (62e720c06b) , defined Okta auth as per the docs but getting the following error , seems my configuration is correct but could not figure out what is wrong here ? Thanks in advance,

Could you please advise ?

lvl=eror msg=“login.OAuthLogin(get info from okta)” logger=context userId=0 orgId=0 uname= error=“user not a member of one of the required groups

Config :

      name: Okta
      enabled: true
      allow_sign_up: true
      client_id: XXXXXXXX
      client_secret: ZZZZZZZZZZZZZZZZZZ
      allowed_groups: Admin, Editor, Viewer
      role_attribute_path: contains(groups[*], 'SEC.Grafana_Admin') && 'Admin' || contains(groups[*], 'SEC.Grafana_Editor') && 'Editor' || 'Viewer'


lvl=dbug msg="Received user info response" logger=oauth.okta raw_json="{\"sub\":\"xscdcdcdcd\",\"name\":\"AAA BBB\",\"locale\":\"FR\",\"email\":\"\",\"preferred_username\":\"\",\"given_name\":\"AAA\",\"family_name\":\"BBB\",\"zoneinfo\":\"America/Los_Angeles\",\"updated_at\":2432432,\"email_verified\":true,\"groups\":[\"Everyone\",\"SEC.Grafana_Admin\",\"Okta.YYYYY.XXXXXX\",\"enbaled\"]}" data="&{Name:AAA BBB DisplayName: Login: Username: Upn: Attributes:map[] Groups:[Everyone SEC.Grafana_Admin Okta.YYYYY.XXXXXX  enbaled] rawJSON:[123 ......]}"

lvl=eror msg="login.OAuthLogin(get info from okta)" logger=context userId=0 orgId=0 uname= error="user not a member of one of the required groups"

lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/okta status=500 remote_addr= time_ms=543 size=1742 referer=

Thanks in advance,

Your allowed groups:
allowed_groups: Admin, Editor, Viewer
but user has groups:


Why you don’t allow additional groups, .e.g.
allowed_groups: SEC.Grafana_Admin, Admin, Editor, Viewer