diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index fe90dda9..4ecc205a 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -45,6 +45,7 @@ services:
 # - OIDC_SCOPES=openid email profile
 # - OIDC_ADMIN_ROLES=admin
 # - OIDC_ROLES_ATTRIBUTE=groups
+ # - OIDC_IGNORE_ROLES=true
 depends_on:
 - postgres
diff --git a/docker-compose.yml b/docker-compose.yml
index 080ab3a8..9d8fef1e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -45,6 +45,7 @@ services:
 # - OIDC_SCOPES=openid email profile
 # - OIDC_ADMIN_ROLES=admin
 # - OIDC_ROLES_ATTRIBUTE=groups
+ # - OIDC_IGNORE_ROLES=true
 depends_on:
 - postgres
diff --git a/server/.env.sample b/server/.env.sample
index 699c5938..f06b6470 100644
--- a/server/.env.sample
+++ b/server/.env.sample
@@ -28,6 +28,7 @@ SECRET_KEY=notsecretkey
 # OIDC_SCOPES=openid email profile
 # OIDC_ADMIN_ROLES=admin
 # OIDC_ROLES_ATTRIBUTE=groups
+# OIDC_IGNORE_ROLES=true
 ## Do not edit this
diff --git a/server/api/helpers/users/get-or-create-one-using-oidc.js b/server/api/helpers/users/get-or-create-one-using-oidc.js
index 9c3278e1..ef3f3dce 100644
--- a/server/api/helpers/users/get-or-create-one-using-oidc.js
+++ b/server/api/helpers/users/get-or-create-one-using-oidc.js
@@ -92,6 +92,11 @@ module.exports = {
 const updateFieldKeys = ['email', 'isAdmin', 'isSso', 'name', 'username'];
+ if (sails.config.custom.oidcIgnoreRoles) {
+ // Remove isAdmin from updateFieldKeys
+ updateFieldKeys.splice(updateFieldKeys.indexOf('isAdmin'), 1);
+ }
+
 const updateValues = {};
 // eslint-disable-next-line no-restricted-syntax
 for (const k of updateFieldKeys) {
diff --git a/server/config/custom.js b/server/config/custom.js
index f79368cf..73e2427e 100644
--- a/server/config/custom.js
+++ b/server/config/custom.js
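Review bot: The new `if (sails.config.custom.oidcIgnoreRoles)` guard in get-or-create-one-using-oidc.js is a plain truthiness check, and the custom.js hunk in this same commit assigns that setting as `process.env.OIDC_IGNORE_ROLES || false`, i.e. the raw environment string, so an operator who writes `OIDC_IGNORE_ROLES=false` or `=0` also switches off admin-role sync and keeps stale admin rights in the local user record. Parse it as a boolean where it is read, `oidcIgnoreRoles: process.env.OIDC_IGNORE_ROLES === 'true',`, so only the documented value `true` enables the bypass. The splice-by-indexOf works only because the literal array on the line above is guaranteed to contain `'isAdmin'`; building the list once, e.g. `const updateFieldKeys = ['email', 'isSso', 'name', 'username', ...(sails.config.custom.oidcIgnoreRoles ? [] : ['isAdmin'])];`, avoids the mutation and the `indexOf` returning -1 if the list is ever edited, and the comment should say why rather than what: `// OIDC_IGNORE_ROLES: admin status is managed locally and must not be overwritten from the IdP roles claim`. The enclosing helper starts and ends outside the hunk, so whether the create path also stops deriving isAdmin from OIDC roles when the flag is set is not visible here and should be confirmed.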
@@ -39,6 +39,7 @@ module.exports.custom = {
 oidcScopes: process.env.OIDC_SCOPES || 'openid email profile',
 oidcAdminRoles: process.env.OIDC_ADMIN_ROLES ? process.env.OIDC_ADMIN_ROLES.split(',') : [],
 oidcRolesAttribute: process.env.OIDC_ROLES_ATTRIBUTE || 'groups',
+ oidcIgnoreRoles : process.env.OIDC_IGNORE_ROLES || false,
 // TODO: move client base url to environment variable?
 oidcRedirectUri: `${