Created group "NewGroup" in Azure Active Directory and added the users "A" and "B" to it.
Created group "NewGroup" in SonarQube.
After users login only user "A" was added to "NewGroup" in SonarQube.
User "B" was not added to "NewGroup" in SonarQube group however the user was added to the "sonar-users" group.
Both users are a direct member of the "NewGroup" in Azure Active Directory.
The only difference in Azure Active Directory is the value of field "User type".
For user "A" this field has the value "Member". For user "B" this field was empty.
Does the synchronization logic look at the value of field "User type"?
After changing the value of this field for user "B" to "Member" the synchronization for this user still does not work.

I have seen the same problem.

AAD login is working OK, AAD users can login to SonarQube, but their group membership is not mapped over, even though the corresponding group are present in both AAD and SonarQube

Any suggestions as to how I can diagnose the issue?

Seeing the same issue. Login works, not seeing group membership pull over. On SonarQube 9.4.

The issue for us was solved by a setting in AAD. See the process #62

The key line was

Click on the Settings button at the top of the screen and then select Required permissions. Select "Windows Azure Active Directory" from the list that appears. Make sure that "Read directory data" from the "Delegated Permissions" section is selected. Make sure to select Save to update the permissions.

Yep it was permissions for me too! Thanks for the direction :)

Really easy to miss that one it seems, and the errors don't really give a clue. Hope people find this issue

This issue is old and hasn't had any activity. If the problem still exists, please open a new issue.