OIDC without Identity Backend

Is it possible to use the OIDC auth backend without relying on the identity backend to do group mappings? (I have a prototype working with Okta+OIDC+Identity External Groups); I’m hoping for something like the LDAP backend with its group->policies mapping.

We can’t use the Identity Backend because of: Shedding identity_policies but could really use OIDC to get true SSO.