Azure AD groups can't log in

Currently, People in an Azure AD group can’t log into my rancher 2.x installation, even though they are listed in the group (I can see them in Teams, for example), however if I add them explicitly to the list of allowed log-ons, they can successfully log in.

-Thom