Hello @Colock ,
You can define a role mapping rule based on the primaryGroupID user attribute. The primaryGroupID for Domain Users is 513 and you will be able to map users based on Domain Users Group. The number 513 does not appear in the Domain Users attributes. It is encoded into the group's objectSid attribute. If you have to role map based on any other AD group, which is a primary Group, you need to find the primaryGroupID.
Please find the below KB article it may be useful: