Yeah, it’s a bit of a faff mapping it all, but a small price to pay to leverage the power of 3rd party IdP’s.
If you add ‘Administrator’, ‘test2’, etc. (I believe its is case sensitive) to the Roles level it should directly map to your User Source.
You can also create custom security levels and hierarchy’s, but these need to be mapped using the security level rules. This can get complicated very quickly though depending on your security methodology (but it is very powerful).
The User Source is primarily used in Vision and a Classic authentication strategy. It is what Ignition natively understands. IdP’s were added in 8.x so that you can use external identity providers, but there needs to be a way for Ignition to interpret the responses for these (as each provider can be different), so you need to configure both sides. Admittedly, it doesn’t make much sense when using Ignition’s internal provider, but it does when you start using 3rd party IdP’s.
Edit: if you get a chance to play, you can get a 14 day free trial from Okta to test with a 3rd party IdP. This is what gave me the eureka moment. Also, the Ignition manuals have examples specifically for Okta, so setup is reasonably straight forward.