I have been able to login to the identity provider, and get the access_token. My problem is with mapping the OpenID connect groups to roles. I am changing an MVC 4 website. The article post at ( https://developer.okta.com/blog/2018/04/18/authorization-in-your-aspnet-mvc-4-application ) gives a sample code for AuthorizationCodeReceived. The problem is that the Authentication ticket value is null in the AuthorizationCodeReceived event. . The article states that mapping the OpenIDConnect groups to roles is required to get authorization attributes to work. My website is not using Azure Active Directory. Do you have any advice?