You will probably need to set security to enable the groups access
When the setting is Microsoft Graph API, the Azure Entra App definition needs to be granted the access to the API.
1) In the Azure Portal for your organization, start by navigating to your OpenID application using app registrations:
2) Then click on your app--
3) Then Click on Api Permissions
4) If the CustomSecAttributeAssignment.Read.All permission for Type Application is not listed, click on Add Permission:
5) Select Microsoft Graph -
6) Then Application Permissions
7) Search for CustomSecAttributeAssignment
8) Check The CustomSecAttributeAssignment.Read.All
9) Click on Add Permissions and THEN very important, you will probably need to
10) Click on "Grant Admin Consent" for your organization
