How to use Rules to add user roles based on AD group membership

We have a few hundred users that we are moving to Auth0 to access our intranet site. We would like to add the proper roles for user when they login based on their existing AD group memberships.

I’ve got as far as getting the groups to show up in the user object but I’m unclear of how to populate the roles in the correct scope under app_metadata. Based on the obligatory searching, I can add roles manually to app_metadata, but it populates under the wrong section using the default “Set roles to a user” template :

Desired output:
{ "authorization": { "roles": "Role1" ], "permissions": ] } }

Current output:
{ "authorization": { "roles": ], "permissions": ] } "roles": "Role1" ] }

I’m sure it’s an extremely simple matter of syntax.

I also have not been able to find a working example of how to iterate through the “groups” profile data.

Any help would be much appreciated!