How to handle federated idp roles

I’m federating Auth0 to an external IDP (Oracle IDCS) using OIDC Auth Code Flow.
I’d like to get the external IDP to send back a set of well-known but custom roles (eg. Web-Application-User) which I’d like to use in Auth0. The aim here is to use the externally defined roles as a factor in determining authorisation levels in upstream services using something like OPA.
Ideally, I’d like to get access to those roles from the /userinfo method.
If I manually create roles in Auth0, that gets returned in /userinfo but am unable to get the IDCS roles passed into Auth0 from the IDP.
Could someone tell me if I have the right approach?