This exact scenario is described in the Role Mapping API docs.
See this paragraph:
However, in rare cases the names of your groups may be an exact match for the names of your Elasticsearch roles. This can be the case when your SAML Identity Provider includes its own "group mapping" feature and can be configured to release Elasticsearch role names in the user’s SAML attributes.