I'm attempting to create a review based on an ldap integrated application that grants App Roles to Active Directory accounts and groups. I have built a collector that pulls in the entitlements and assigns them to AD users and groups using the AD account collector in the mapping section, and it works great. The accounts show up under the 3rd party application under the "Accounts" tab, including those that are granted access via groups. When I go to the "Who Has Access" tab, the groups are listed, and when I click on them I see the App Roles. It all looks great.
But when I try to create the review, it is only pulling in the accounts with direct access, and none of the ones that are granted access through a group. I have checked off the "Include direct application roles that are also granted from groups" option. Is there any way to accomplish this? Am I missing something?