For both Rules and Actions, users.groups is an optional attribute provided by a connected identity provider. It is not a normalized Auth0 attribute that is always guaranteed to be set in either case.
The good news is if they are migrating from Rules to Actions, user.groups should now be present in Actions if it was present in Rules.
There’s some more info on Azure AD + groups here: Connect Your App to Microsoft Azure Active Directory
If you want to enable extended attributes (such as Extended Profile or Security Groups), then you will need to configure the following permissions for the Microsoft Graph API.
There are also general docs on root attributes here: User Profile Root Attributes
Also, I would check these articles providing information:
- Auth0 Groups not accessible in Actions
- Actions Triggers: post-login - Event Object
- Connect Your App to Microsoft Azure Active Directory
- User Profile Root Attributes
“Is there any plans on expiring auth0-authorization-extension?”
Thanks,
Timotei