diff --git a/changelog/unreleased/service-account-roles.md b/changelog/unreleased/service-account-roles.md
new file mode 100644
index 0000000000..e96a828a6e
--- /dev/null
+++ b/changelog/unreleased/service-account-roles.md
@@ -0,0 +1,5 @@
+Bugfix: Fix Service Account Roles on external IDP
+
+Service Account Roles wouldn't work when using with external IDP
+
+https://github.com/owncloud/ocis/pull/8077
diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go
index b35ab68292..32993ec0a4 100644
--- a/ocis/pkg/init/init.go
+++ b/ocis/pkg/init/init.go
@@ -74,7 +74,7 @@ type IdmService struct {
 }
 
 type SettingsService struct {
-	ServiceAccountIDAdmin string `yaml:"service_account_id_admin"`
+	ServiceAccountIDs []string `yaml:"service_account_ids"`
 }
 
 type FrontendService struct {
@@ -400,7 +400,7 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 			ServiceAccount: serviceAccount,
 		},
 		Settings: SettingsService{
-			ServiceAccountIDAdmin: serviceAccount.ServiceAccountID,
+			ServiceAccountIDs: []string{serviceAccount.ServiceAccountID},
 		},
 	}
 
diff --git a/services/settings/pkg/store/metadata/bundles.go b/services/settings/pkg/store/metadata/bundles.go
index 7e36572930..ff634e7cad 100644
--- a/services/settings/pkg/store/metadata/bundles.go
+++ b/services/settings/pkg/store/metadata/bundles.go
@@ -34,6 +34,10 @@ func (s *Store) ListBundles(bundleType settingsmsg.Bundle_Type, bundleIDs []stri
 	}
 	var bundles []*settingsmsg.Bundle
 	for _, id := range bundleIDs {
+		if id == defaults.BundleUUIDServiceAccount {
+			bundles = append(bundles, defaults.ServiceAccountBundle())
+			continue
+		}
 		b, err := s.mdc.SimpleDownload(ctx, bundlePath(id))
 		switch err.(type) {
 		case nil: