OIDC without Identity Backend

Is it possible to use the OIDC auth backend without relying on the identity backend to do group mappings? (I have a prototype working with Okta+OIDC+Identity External Groups.) I’m hoping for something like the LDAP backend with its group->policies mapping.

We can’t use the Identity Backend because of “Shedding identity_policies”, but could really use OIDC to get true SSO.

If you are using Okta and do not need to pass additional OIDC claims like groups, but want LDAP Auth-style functionality, take a look at the Okta Auth Method: https://www.vaultproject.io/docs/auth/okta/