Using the “test login” functionality for an IDP in the Gateway, I’m seeing these security levels being granted to a user:
I had created the “Customers” level and later deleted it and added “Customer”, effectively renaming it. Therefore I would expect that a user wouldn’t be receiving this deleted Security Level.
The actual full list of security levels look like this as defined in the Gateway:
(The blurred level is simply another Customer level that isn’t being granted to this user)