diff --git a/changelog/unreleased/fix-oidc-role-assigner.md b/changelog/unreleased/fix-oidc-role-assigner.md
index 797eb7311..3850abc1f 100644
--- a/changelog/unreleased/fix-oidc-role-assigner.md
+++ b/changelog/unreleased/fix-oidc-role-assigner.md
@@ -5,3 +5,4 @@ This makes no sense as the user is supposed to have only one and the update will
 We still log an error level log to make the admin aware of that.
 https://github.com/owncloud/ocis/pull/6605
+https://github.com/owncloud/ocis/pull/6618
diff --git a/services/proxy/pkg/userroles/oidcroles.go b/services/proxy/pkg/userroles/oidcroles.go
index e51232dda..a5db4c10c 100644
--- a/services/proxy/pkg/userroles/oidcroles.go
+++ b/services/proxy/pkg/userroles/oidcroles.go
@@ -93,7 +93,7 @@ func (ra oidcRoleAssigner) UpdateUserRoleAssignment(ctx context.Context, user *c
 }
 logger.Debug().Interface("assignedRoleIds", assignedRoles).Msg("Currently assigned roles")
- if len(assignedRoles) == 0 || (assignedRoles[0] != roleIDFromClaim) {
+ if len(assignedRoles) != 1 || (assignedRoles[0] != roleIDFromClaim) {
 logger.Debug().Interface("assignedRoleIds", assignedRoles).Interface("newRoleId", roleIDFromClaim).Msg("Updating role assignment for user")
 newctx, err := ra.prepareAdminContext()
 if err != nil {
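Review bot: The widened check `len(assignedRoles) != 1 || (assignedRoles[0] != roleIDFromClaim)` sends three different states (no role, several roles, one mismatching role) through the same branch, and the only record visible in this hunk is the Debug line "Updating role assignment for user". A user holding more than one role may have carried privileges the OIDC claim never granted, so that case deserves its own log entry at a level enabled by default, carrying `assignedRoleIds` and `newRoleId`; the changelog mentions an error-level log, but it is not in the lines shown, so confirm it fires on this path. I would also put a comment above the condition, `// exactly one role is expected; zero, several or a mismatch all trigger re-assignment from the claim`, and add a test with two pre-assigned roles asserting that only the claim's role remains afterwards, since whether surplus assignments are actually removed depends on code outside the hunk. UpdateUserRoleAssignment starts and ends outside the hunk.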