Hi Krishna,

Have you set the correct role claim in your external IDP configuration on the Identity Server? Also have you checked if the roles are being correctly passed from the Azure AD to the commonauth endpoint of the Identity Server? If the role information is missing in the SAML response then the mapping will not happen. You can verify your SAML response using something like the SAML tracer.