I've seen this before as well. When the issue came up, we simply added the few individual users rather than the group.
That's what I did as a workaround but it should work with a group... It's not a very big deal but I hate it when I don't know what's causing it. There must be a cause for this issue.
I've also seen some posts where group nesting is the issue:
"One of the things we have found is that NSX Manager doesnt like nested AD groups.
Nested groups are also quite common in enterprise AD enviroments, using the AGDLP standard.
So our standard way of assigning rights would be:
the user –> member of a global group representing a user role –> member of a domain local group representing the resource –> the resource itself.
In this case the resource was the ‘auditor’ right in NSX manager.
We find that if we assign a user directly, it works
If we assign the user via an AD global group, it works
But when we nest it via a Domain Local Group, and then the Global group, then it doesnt work!"
And to make it even stranger.... I think it *did* work one time but then I found out that the NSX Administrator permissions were not enough so I added the "NSX Enterprise Administrators" group and removed the "NSX Administrators" group. And after that things fell apart...
I will see if I can reset the whole SSO config.
Well, yesterday I removed the AD group from NSX and today I added it again. And it worked... I really have no idea what caused the issue but for now, the problem is solved.