AD group authentication

Hi all,

I have set the claim type and value to the builtin administrator role and I was wondering whether it is needed to assign the role to all AD group members or should it be enough?

I would expect PSU to check the identity’s claims trying to call an endpoint and if the identity has the claims then the authentication should succeed. Am I wrong with this assumption?

Thank you.