We have configured the SAML integration / Azure AD and the roles in the AD is received correctly and mapped in Tulip with assigned role. Project is using LTS 5.2.
In our case the end users will request access to Tulip using a corporate access control system, which upon approval assigns the user to the appropriate AD group - or groups. If the users requests more than one role the AD will return all the groups the user is assigned to.
In Tulip user administration each user is only listed with one role, which we are told is based on a hierarchy where the best role is used.
Could you make an article (or append an existing one) describing system behavior when SAML returns more than one role assignment?