When a user is created through JIT provisioning using a SAML/SSO provider they are added to the local directory and assigned groups based on the group membership at the IdP. If that user's group memberships are then modified in the local directory they are overwritten with the IdP's groups the next time that user logs in using the SSO provider.

The desired functionality is to have the user's groups memberships act more like the group aggregation feature available when using multiple directories. The goal is to be able to create new users using JIT provisioning from the SSO provider, while still being able to administer groups in the Bamboo UI.