Your comments

to follow up we were not able to immediately replicate this issue.  However, after further investigation the issue has been replicated and sent to the development team to address.

I don't have an exact ETA on when a fix will be found and implemented, but we are working towards it.

Do these specific Guest machines have anything in common?  Are they all offline often?

Also, within the web.config on the ConnectWise Control server, to what value is the setting "AccessSessionExpireSeconds" set?

From an implementation point of view I don't see a bug with this but rather a feature request.  If a User has access to control their own groups/roles within an Active Directory then they are basically Administrators within that IdP.

Which IdentityProvider have you integrated into ConnectWise Control for SAML?

Thanks for the report, I was able to replicate the behavior and I have registered it as a defect.