Okta group members do not get granted permissions

On Rancher 2.7.6, I was able to setup Okta as auth provider with user and group search enabled. Everything works well with Okta user search and permissions. Okta group search also works, permission can be granted from gui but the members do not receive the granted permission.

Example: Okta users and groups can be added to Authorized Users & Groups from the drop-down list. However, only authorized users could log in but members of authorized group could not. This error shows up on the login page: Logging in failed: Your account may not be authorized to login.

How should I troubleshoot what goes wrong with the setup?

Screenshot of values used for Okta user and group search: