I integrated Jenkins with Azure AD using the SAML plugin. I created in Azure AD a group claim to send the Jenkins the groups list the user is member of. The problem is if the user has more than 150 groups then Azure AD, instead of sending the groups claim, it sends a claim with name http://schemas.microsoft.com/claims/groups.link and value a Microsoft Graph link to get the list of groups. The SAML plugin is not calling the Microsoft Graph API and JEnkins thinks the user is not member of any group.