Zero trust, pomerium and keycloak configure option is invaild?

keycloak + pomerium, why configure option allowed_group is invalid in config.yaml

config.yaml

pomerium_debug: true

# keycloak
idp_provider: oidc
idp_provider_url: http://localhost:8080/auth/realms/myrealm # keycloak
idp_client_id: myidp 
idp_client_secret: myidp
idp_service_account: "ewogICJjbGllbnRfaWQiOiAibXlpZHAiLAogICJzZWNyZXQiOiAibXlpZHAiCn0="

policy:
  - from: https://verify.localhost.pomerium.io
    to: http://verify.pomerium.com

    # vaild
   # allowed_users:
   #   - jack@test.com

    # invaild?
    allowed_groups:
      - /group1/techGroup

    cors_allow_preflight: true
    timeout: 30s
    pass_identity_headers: true

if use configure option allowed_users is ok, but allowed_groups is invaild. why?

groups list:
/group1/adminGroup
/group1/techGroup