Role mapping for grafana

I am using keycloak 25.0.2, i am having issues role mapping on keycloak. i currently have a role created in “User federation - Ldap - Mappers - Grafana_Admin” here are its settings
LDAP Roles DN: CN=Grafana Admins,OU=Applications,OU=GROUPS,OU=DEV,DC=dev,DC=moutain,DC=la,DC=bob
Role NAme LDAP Atrribute cn
Role Object Classes group
Membership LDAP Attribute member
Membership Attribute Type DN
Membership User LDAP Attrbute SamAccountName
LDAP Filter
Mode READ_ONLY
User Roles Retrieve Strategy LOAD_ROLES_BY_MEMBER_ATTRIBUTE
Member-Of LDAP Attribute MemberOf
Use Ream Roles Mapping On
Client ID: Grafana

The issue im running into is i dont know how to make it so Grafana recognizes that the AD group is assigned to the user and gives them the correct permissions. when i log in with LDAP the user gets the correct perms but when logged in with saml they get the basic viewer permissions.

my grafana.ini
[auth.saml]
enabled = true
role_values_none = none
assertion_attributes_role = role
role_values_viewer = Viewer
role_values_editor = Editor
role_values_admin = Admin
asstertion_attribute_role = role
asstertion_attribute_name = name
asstertion_attribute_login = username
asstertion_attribute_email = email
asstertion_attribute_groups = groups

the only thing i did was map the role in user federation and don’t know what to do with it. when i click the action tab and sync with ldap i get a “Data successfully synced 0 imported roles, 0 roles already exists in Keycloak”