Running Policy Server, when users are configured in the Policy as a group, users aren't authorized.
The browser goes on Domain "<domain>", realm "<realm>", for which the Auth/Az mapping "Auth/Az Mapping" gets applied.
Then the Policy Server searches the User in the User Store "<user_directory>" for authorization, as this is the target for the Auth/Az mapping.
The Policy doesn't have the "<user_directory>" User Store configured.
Create membership for the users in the "<user_directory>" User Store.
Modify the Policy to add the group as a member on this "<user_directory>" User Store to solve this issue.