Hi @kmo,
I believe the issue here is related to the setting skip_org_role_sync = true, since if this option is set to false, then it will synchronize user organization role with the provider’s role, as described in this table ( you might need to scroll down to [auth.generic_oauth] ) under Grafana’s documentation.
Afterwards you can either disable the auto_assign_org_role by setting role_attribute_strict = true or assign auto_assign_org_role to None if the auto_assign_org setting is set to true.
Unfortunately all these settings and behaviors rely on Grafana’s flags and changes, so it does not fall under our scope of support, however I would recommend checking thoroughly through their examples on the matter, and if an issue persists you could also try opening a new topic on Grafana’s community forum.
Thanks,
Remus