we have user created in Atlas on Organisation level with specific org role. If we configure Identity Provider and set some default role, then after first login this user will receive this default role and original role will be lost. So, even after disabling identity provider, user will have this default role.

Suggestion: explicitly granted roles should be keep untouched, but not be applied in case of active identity provider.