diff --git a/changelog/unreleased/fix-oidc-role-assigner.md b/changelog/unreleased/fix-oidc-role-assigner.md
index 797eb7311b..3850abc1f0 100644
--- a/changelog/unreleased/fix-oidc-role-assigner.md
+++ b/changelog/unreleased/fix-oidc-role-assigner.md
@@ -5,3 +5,4 @@ This makes no sense as the user is supposed to have only one and the update will
 We still log an error level log to make the admin aware of that.
 https://github.com/owncloud/ocis/pull/6605
+https://github.com/owncloud/ocis/pull/6618
diff --git a/services/proxy/pkg/userroles/oidcroles.go b/services/proxy/pkg/userroles/oidcroles.go
index e51232dda3..a5db4c10cd 100644
--- a/services/proxy/pkg/userroles/oidcroles.go
+++ b/services/proxy/pkg/userroles/oidcroles.go
@@ -93,7 +93,7 @@ func (ra oidcRoleAssigner) UpdateUserRoleAssignment(ctx context.Context, user *c
 }
 logger.Debug().Interface("assignedRoleIds", assignedRoles).Msg("Currently assigned roles")
- if len(assignedRoles) == 0 || (assignedRoles[0] != roleIDFromClaim) {
+ if len(assignedRoles) != 1 || (assignedRoles[0] != roleIDFromClaim) {
 logger.Debug().Interface("assignedRoleIds", assignedRoles).Interface("newRoleId", roleIDFromClaim).Msg("Updating role assignment for user")
 newctx, err := ra.prepareAdminContext()
 if err != nil {
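Review bot: The rewritten condition `len(assignedRoles) != 1 || (assignedRoles[0] != roleIDFromClaim)` in oidcroles.go now carries a privilege-relevant invariant (exactly one role, equal to the one taken from the OIDC claim) with no comment stating it, and the only log calls visible in this branch are at Debug level. I would add `// A user must hold exactly one role; zero or several assignments are replaced by the role from the claim.` above the `if`, and confirm that the error-level log mentioned in the changelog is emitted for the `len(assignedRoles) > 1` case before `ra.prepareAdminContext()` runs, so that collapsing several roles into one leaves a trace an admin will see. The `assignedRoles[0]` index stays safe for an empty slice because `||` short-circuits on the length check. No test for the multi-role case is visible in this diff; a regression test with two pre-assigned roles would pin the fix. UpdateUserRoleAssignment starts and ends outside the hunk.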