Hi @amitoj,
I answered this question in the past, so please refer to the following link for details:
Client Display Based on Role
I was mentioning in that question that I do not recommend using the IdP as the PEP. The app, API, or API Gateway can act as the PEP based on the token information