Authentication to TMC SM will work fine, but you won't be able to see all the features even if the user is mapped to the admin role.
In the Pinniped logs you will see the following error message:
{"level":"info","timestamp":"2025-03-18T02:04:47.121304Z","caller":"/root/go/pinniped/internal/federationdomain/resolvedprovider/resolvedoidc/resolved_oidc_provider.go:575$resolvedoidc.getGroupsFromUpstreamIDToken","message":"no groups claim in upstream ID token","warning":true,"identityProviderResourceName":"pinniped-upstream","configuredGroupsClaim":"group_names"}
{"level":"info","timestamp":"2025-03-18T02:04:47.122012Z","caller":"/root/go/pinniped/internal/federationdomain/resolvedprovider/resolvedoidc/resolved_oidc_provider.go:575$resolvedoidc.getGroupsFromUpstreamIDToken","message":"no groups claim in upstream ID token","warning":true,"identityProviderResourceName":"pinniped-upstream","configuredGroupsClaim":"group_names"}
{"level":"info","timestamp":"2025-03-18T02:04:47.122054Z","caller":"/root/go/pinniped/internal/federationdomain/resolvedprovider/resolvedoidc/resolved_oidc_provider.go:575$resolvedoidc.getGroupsFromUpstreamIDToken","message":"no groups claim in upstream ID token","warning":true,"identityProviderResourceName":"pinniped-upstream","configuredGroupsClaim":"group_names"}
{"level":"info","timestamp":"2025-03-18T02:04:47.147900Z","caller":"/root/go/pinniped/internal/federationdomain/resolvedprovider/resolvedoidc/resolved_oidc_provider.go:575$resolvedoidc.getGroupsFromUpstreamIDToken","message":"no groups claim in upstream ID token","warning":true,"identityProviderResourceName":"pinniped-upstream","configuredGroupsClaim":"group_names"}
The error "no groups claim in upstream ID token" indicates that group mapping is not in place: the ID token returned by the upstream identity provider does not carry the groups claim that Pinniped is configured to read (configuredGroupsClaim: group_names).
Collect the output of the following command, which decodes the Pinniped access-token storage secrets in the tmc-local namespace:
kubectl -n tmc-local get secret --no-headers -o custom-columns=":metadata.name" | grep pinniped-storage-access-token | xargs -I {} kubectl -n tmc-local get secret {} -o jsonpath='{.data.pinniped-storage-data}' | base64 -d | jq .
From this output you can check whether the groups claim is populated.
The output will contain details like the following; note the empty groups list:
  "ext": {
    "additionalClaims": {
      "email": [email protected]
    },
    "azp": "client.oauth.pinniped.dev-auth-manager-pinniped-oidc-client",
    "groups": [],   <<<<<<<<<<<<< empty groups list: no group mapping
    "username": [email protected]
  }
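As an added example (not part of the original article), the small Python helper below applies the two checks described above to constructed sample data: it scans Pinniped log lines for the "no groups claim in upstream ID token" warning and inspects decoded pinniped-storage-data JSON for an empty ext.groups list. The sample log lines, the session record and the user name admin@example.com are constructed for the example.

```python
"""Triage helper for the TMC SM / Pinniped missing-groups-claim symptom."""
import json

GROUPS_WARNING = "no groups claim in upstream ID token"


def missing_groups_claim_events(log_text):
    """Return one record per Pinniped log line reporting a missing groups claim.
    Non-JSON lines (kubectl logs may interleave other output) are ignored."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if entry.get("message") == GROUPS_WARNING:
            hits.append({
                "timestamp": entry.get("timestamp"),
                "idp": entry.get("identityProviderResourceName"),
                "configured_groups_claim": entry.get("configuredGroupsClaim"),
            })
    return hits


def session_groups(storage_json):
    """Given base64-decoded pinniped-storage-data JSON, return (username, groups)
    from the ext block. An empty groups list is the symptom shown in the article."""
    ext = json.loads(storage_json).get("ext", {})
    return ext.get("username", ""), list(ext.get("groups") or [])


# Constructed sample inputs (not captured from a real cluster).
SAMPLE_LOG = (
    '{"level":"info","timestamp":"2025-03-18T02:04:47.121304Z","message":"no groups claim in upstream ID token",'
    '"warning":true,"identityProviderResourceName":"pinniped-upstream","configuredGroupsClaim":"group_names"}\n'
    "some non-json noise line\n"
    '{"level":"info","timestamp":"2025-03-18T02:04:48.000000Z","message":"upstream refresh succeeded"}\n'
)
SAMPLE_STORAGE = json.dumps({"ext": {
    "additionalClaims": {"email": "admin@example.com"},
    "azp": "client.oauth.pinniped.dev-auth-manager-pinniped-oidc-client",
    "groups": [], "username": "admin@example.com"}})

if __name__ == "__main__":
    for ev in missing_groups_claim_events(SAMPLE_LOG):
        print(f"{ev['timestamp']}: IdP {ev['idp']} sent no '{ev['configured_groups_claim']}' claim")
    user, groups = session_groups(SAMPLE_STORAGE)
    print(f"{user}: groups={groups or 'NONE (group mapping missing)'}")
```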
Integrating TMC SM with VIDM is not yet supported as of today, because group mapping is not available in VIDM.
You can check the client scope in VIDM, as shown in the screenshot, which has no group mapping.
This is treated as a feature request and will be implemented in a future release, but there is no ETA. Please watch the release notes, which will be updated once it is available.