1. Proposed title of this feature request
openid use claim as groups
2. What is the nature and description of the request?
Kubernetes supports the --oidc-groups-claim parameter: JWT claim to use as the user's group. If the claim is present it must be an array of strings.
From the doc, we can specify a custom claim, and I am interested in whether we allow the same feature as the GroupClaims:
if specified, causes the OIDCAuthenticator to try to populate the user's groups with an ID Token field. If the GroupsClaim field is present in an ID Token the value must be a string or list of strings.
So it would be possible to add in the master-config.yaml, in the apiServerArguments section:
to benefit from the Kubernetes --oidc-groups-claim parameter and have the user's groups automatically populated.
If so, it would no longer be mandatory to have a separate process to synchronize groups with our Active Directory.
3. Why does the customer need this? (List the business requirements here)
We want to centralize in our ADFS the way the groups/roles are retrieved for a user, and provide them in the JWT token as claims.
It offers better abstraction, instead of asking one specific Active Directory directly.
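
An added example, not part of the original request and not Kubernetes or OpenShift code: a sketch of how an authenticator could turn a groups claim into a user's group list under the two rules quoted above (array of strings only, or string or list of strings). The claim name "roles", the helper names and the sample token are constructed for illustration, and signature verification is assumed to have happened before this step.

```python
import base64
import json


def decode_payload(id_token: str) -> dict:
    """Decode the payload segment of a compact JWT. Does NOT verify the
    signature; a real authenticator must do that before trusting any claim."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    payload = json.loads(base64.urlsafe_b64decode(seg))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload


def groups_from_claims(claims: dict, groups_claim: str,
                       allow_string: bool = False) -> list:
    """Return the group names carried in `groups_claim`.

    allow_string=False: the claim must be an array of strings.
    allow_string=True:  a single string is also accepted, as one group.
    A missing claim yields no groups; a malformed claim is rejected
    rather than silently dropped, so a bad IdP mapping is visible.
    """
    if groups_claim not in claims:
        return []
    value = claims[groups_claim]
    if isinstance(value, str):
        if not allow_string:
            raise ValueError(f"claim {groups_claim!r} must be an array of strings")
        return [value]
    if not isinstance(value, list) or not all(isinstance(g, str) for g in value):
        raise ValueError(f"claim {groups_claim!r} must contain only strings")
    return list(value)


def make_sample_token(payload: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(payload)}.constructed-signature"


# Constructed sample: the claim name "roles" and all values are made up.
SAMPLE = make_sample_token({"sub": "alice", "roles": ["dev", "cluster-readers"]})

if __name__ == "__main__":
    print(groups_from_claims(decode_payload(SAMPLE), "roles"))
```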