I believe that currently the BYOIDP SSO is only supporting whether you are part of an organization or not, meaning you can log in to that organization on the platform. To my knowledge it is not supporting any organization groups or project roles. I suggest if you need such a thing to add it as an idea on the idea forum.
Thank you, Bob. You are right. In the meantime we received more information from Mendix. This is what is written in the document we received.
The current beta and the first generally available version are focused on delegating the authentication. Authorization logic is targeted in a future update.

Future enhancements
- User and security group synchronisation from the customer’s IdP to Mendix.
- Rules to translate coarse grained authorization claims from the customer’s IdP into mid-grained authorization decisions.