When using SAML/SSO for Team Membership Management, you may find that users with Site Admin permissions no longer have them after logging in through SSO. This is due a misconfiguration in the TFC/E admin UI.
In order to resolve this, you will need to ensure that the Site Admin Role is set in the admin UI, and that the role is present and matching on the IdP side. This field is case sensitive.
If after ensuring this role is supplied and correct you are still unexpectedly seeing changes to your Site Admin permissions, please gather a screenshot of your SSO settings from TFE/C and capture a SAML assertion from an affected user and open a ticket with HashiCorp Support for review.