@B3n There is another option. You can use PingID username instead of the role name in the roles_mapping.yml
i.e.
custom_role:
reserved: false
users:
- "<pingid_user>"
It’s not a perfect solution but at least will keep you away from internal users. This user field accepts also regular expressions. For example, if your users have a common phrase in their usernames then you can make this role assignment more flexible.
i.e.
custom_role:
reserved: false
users:
- "*"