I have the same issue. It seems that unregistered users who used SSO to login cannot be added automatically to groups!
UPDATE: now I can identity four use cases:
1/ New users without account validation: users are not automatically added to groups
2/ New users with account validation: users will be added automatically to groups
3/ Existing users (provisioned by the SSO engine): users are not automatically added to groups
3/ Existing users (fully registered): users are added automatically to groups
When enabling SSO (with no account validation) it seems that the “auto-assign user to group” feature is turned off.
Is this the expected behavior? If not is there a workaround.
When you are generating your SSO payload, you can set the add_groups field based on your user’s email, where add_groups is a comma delimited string of groups. I haven’t seen any documentation on this but the code is pretty clear: