Hi Eric Deng,
I noticed you're using the CustomAccessTokenParsing microflow to assign end-user roles based on the IdP's information. However, the roles retrieved from the Access Token don't exist in the Mendix database. Please check the roles in the Access Token to ensure they match those defined in Mendix.
Please Follow section 8.2 in OIDC SSO documentation for more information.