Running Policy Server, when users are configured in the Policy as a group, users aren't authorized.

The browser goes on Domain "<domain>", realm "<realm>", for which the Auth/Az mapping "Auth/Az Mapping" gets applied.

Then the Policy Server searches the User in the User Store "<user_directory>" for authorization, as this is the target for the Auth/Az mapping.

The Policy doesn't have the "<user_directory>" User Store configured.

Create membership for the users in the "<user_directory>" User Store.

Modify the Policy to add the group as a member on this "<user_directory>" User Store to solve this issue.