Auth0 Groups not accessible in Actions

Problem statement

I am currently using a Rule to add an IdToken property (“user.groups”) from a SAML claim.
The rule is:

function (user, context, callback){
  context.idToken['user.groups'] = user.groups;
  callback(null, user, context);

When attempting to implement this in an Action, I do not know how to retrieve the SAML claim for groups in order to populate the custom claim in the IdToken.
This is what I have:

exports.onExecutePostLogin = async (event, api) => {
api.idToken.setCustomClaim("user.groups", <???>);

The claim is not in the user_metadata or app_metadata. How do I do this?


At the moment user groups cannot be referenced in Auth0 Actions - only Rules. This is being worked on currently for the upcoming parity backlog for Rules deprecation.