Thx for your response.
My company don’t have any authorization server in OKTA.
My local admin can’t create a custom authorization server, he don’t have any menu for this in the admin website.
For the id_token i have to use this url : https://${okta.urlOrga}/oauth2/v1/authorize?
client_id=${okta.clientId}
&response_type=id_token
&nonce=1234567
&scope=openid email groups
&state=test
&redirect_uri=${window.location.href}`
I have the api token to add claims but i don’t have the permission.
Can i have get ad groups in the id_token without a custum authorization server ?