When we configure Azure OIDC for QLik SaaS, we get an option to claim groups. In my case, it is "Groups Assigned to the Application" . The downside is we will not see all the groups in SaaS tenant for admins to manage the user assignment to Spaces / Permissions. It is working only when a member of particular group login to SaaS.
Challenge:
For example, if we configure more number of spaces it will be difficult to ask atleast one of the member to login for group claims to manage.