Dynamically create JumpCloud OIDC users

Hi, I’m trying to connect my Vault to my JumpCloud SSO using OIDC.
I read that I should create an external group and an alias to automatically assign policies to the existing groups.

I configured Vault as follows:

vault write auth/oidc/config \
  oidc_discovery_url="https://oauth.id.jumpcloud.com/" \
  oidc_client_id="<redacted>" \
  oidc_client_secret="<redacted>" \
  default_role="default"

vault write auth/oidc/role/default -<<EOF
{
  "user_claim": "name",
  "ttl": "1h",
  "bound_claims": { "groups": ["jumpcloud_group_example", "<redacted>", "<redacted>", "<redacted>"] },
  "allowed_redirect_uris": ["https://<vault_url>/ui/vault/auth/oidc/oidc/callback","http://localhost:8250/oidc/callback"]
}
EOF

and created the following group:

vault auth list -format=json | jq -r '.["oidc/"].accessor' > accessor.txt

vault write -format=json identity/group name="jumpcloud_group_example" \
  policies="admin" \
  type="external" \
  metadata=description="Vault Administrators" | jq -r ".data.id" > group_id.txt

vault write identity/group-alias name="<jumpcloud_group_id>" \
  mount_accessor=$(cat accessor.txt) \
  canonical_id=$(cat group_id.txt)

I manage to log in through the UI (through the SSO popup), but when checking the token, identity_policies is empty and does not contain the admin policy, and the group stays empty:

Key                  Value
---                  -----
token                <redacted>
token_accessor       uGxaLFy2x4rj4e8q5vK4Lfzo
token_duration       59m46s
token_renewable      true
token_policies       ["default"]
identity_policies    []
policies             ["default"]
token_meta_role      default
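
A simplified offline model of how an external group's policies reach `identity_policies` at OIDC login, added here as an example and not part of the original post or of Vault's code. It assumes Vault's documented behaviour that the values of the role's `groups_claim` become the group-alias names looked up on the auth mount, and that the `groups` claim carries group names; the accessor, claims and alias names below are constructed.

```python
# Simplified model (an assumption, not Vault source code): at login, each value
# of the role's groups_claim is looked up as a group-alias name on the auth
# mount, and matching external groups contribute their policies.

def identity_policies(role, claims, aliases, mount_accessor):
    """Return (policies, findings) for one login with these ID-token claims."""
    findings = []
    groups_claim = role.get("groups_claim")
    if not groups_claim:
        # bound_claims only gates who may log in; it does not map groups.
        findings.append("role has no groups_claim: no group aliases are produced at login")
        return [], findings
    values = claims.get(groups_claim)
    if values is None:
        findings.append(f"claim '{groups_claim}' is missing from the token")
        return [], findings
    if isinstance(values, str):
        values = [values]
    policies = set()
    for value in values:
        hits = [a for a in aliases
                if a["name"] == value and a["mount_accessor"] == mount_accessor]
        if not hits:
            findings.append(f"no group-alias named '{value}' on {mount_accessor}")
        for alias in hits:
            policies.update(alias["policies"])
    return sorted(policies), findings

# Constructed sample data mirroring the shape of the configuration above.
ACCESSOR = "auth_oidc_constructed"
CLAIMS = {"name": "Example User", "groups": ["jumpcloud_group_example"]}
ROLE_AS_POSTED = {"user_claim": "name",
                  "bound_claims": {"groups": ["jumpcloud_group_example"]}}
ROLE_WITH_GROUPS_CLAIM = dict(ROLE_AS_POSTED, groups_claim="groups")
ALIAS_BY_ID = [{"name": "constructed-group-id", "mount_accessor": ACCESSOR,
                "policies": ["admin"]}]
ALIAS_BY_NAME = [{"name": "jumpcloud_group_example", "mount_accessor": ACCESSOR,
                  "policies": ["admin"]}]

if __name__ == "__main__":
    for label, role, aliases in [
        ("role as posted", ROLE_AS_POSTED, ALIAS_BY_NAME),
        ("groups_claim set, alias named by id", ROLE_WITH_GROUPS_CLAIM, ALIAS_BY_ID),
        ("groups_claim set, alias named by claim value", ROLE_WITH_GROUPS_CLAIM, ALIAS_BY_NAME),
    ]:
        print(label, "->", identity_policies(role, CLAIMS, aliases, ACCESSOR))
```

To compare against a real login, check the role with `vault read auth/oidc/role/default` and the alias with `vault list identity/group-alias/id`.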