UserBase, and also added adfs groups with user base roles, even added adfs groups to cluster members to view only role….but nothing apply authorization correctly. SAML send group assigned to user when I debug communication. Same group is listed in drop down when you try to add as member which confirms that rancher see it and read it. Very strange behavior we have here. I created many AD and Octa saml integrations before so I know how and where to setup all. Also no adfs users logged in is appearing in user list with adfs provider.