User not a member of one of the required groups - OKTA

Hello,
we are using Grafana Community v8.1.0 (62e720c06b) , defined Okta auth as per the docs but getting the following error , seems my configuration is correct but could not figure out what is wrong here ? Thanks in advance,

Could you please advise ?

lvl=eror msg=“login.OAuthLogin(get info from okta)” logger=context userId=0 orgId=0 uname= error=“user not a member of one of the required groups

Config :

    auth.okta:
      name: Okta
      enabled: true
      allow_sign_up: true
      client_id: XXXXXXXX
      client_secret: ZZZZZZZZZZZZZZZZZZ
      auth_url: https://mydomain.okta.com/oauth2/v1/authorize
      token_url: https://mydomain.okta.com/oauth2/v1/token
      api_url: https://mydomain.okta.com/oauth2/v1/userinfo
      allowed_groups: Admin, Editor, Viewer
      role_attribute_path: contains(groups[*], 'SEC.Grafana_Admin') && 'Admin' || contains(groups[*], 'SEC.Grafana_Editor') && 'Editor' || 'Viewer'
 

Logs:

lvl=dbug msg="Received user info response" logger=oauth.okta raw_json="{\"sub\":\"xscdcdcdcd\",\"name\":\"AAA BBB\",\"locale\":\"FR\",\"email\":\"AAA.BBB@mydomain.co.uk\",\"preferred_username\":\"AAA.BBB@mydomain.com\",\"given_name\":\"AAA\",\"family_name\":\"BBB\",\"zoneinfo\":\"America/Los_Angeles\",\"updated_at\":2432432,\"email_verified\":true,\"groups\":[\"Everyone\",\"SEC.Grafana_Admin\",\"Okta.YYYYY.XXXXXX\",\"enbaled\"]}" data="&{Name:AAA BBB DisplayName: Login: Username: Email:AAA.BBB@mydomain.co.uk Upn: Attributes:map[] Groups:[Everyone SEC.Grafana_Admin Okta.YYYYY.XXXXXX  enbaled] rawJSON:[123 ......]}"

lvl=eror msg="login.OAuthLogin(get info from okta)" logger=context userId=0 orgId=0 uname= error="user not a member of one of the required groups"

lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=GET path=/login/okta status=500 remote_addr=10.10.10.10 time_ms=543 size=1742 referer=

Thanks in advance,

Your allowed groups:
allowed_groups: Admin, Editor, Viewer
but user has groups:

"Everyone","SEC.Grafana_Admin","Okta.YYYYY.XXXXXX","enbaled"

Why you don’t allow additional groups, .e.g.
allowed_groups: SEC.Grafana_Admin, Admin, Editor, Viewer
?