Hi Peter,
Actually, there is already a version of IdP (4.2.13) that is currently "Under Development" and references a new app called Idp Customizations, which will let you add your own custom logic for user/group mapping.
This will let you add the necessary logic to call the Graph API and fetch the groups/roles mapping without affecting the IDP component and its future versions.
This will be a more generic solution, without having to go into the different implementation details of the Graph API, with endpoints, credentials/tokens, etc.
This new version includes many other changes such as allowing multiple configurations of different identity providers for the same tenant.
I'm just currently waiting for more feedback from a couple of colleagues who are already using this latest version. I also need to create new and updated documentation for this new version.