diff --git a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
index df0071568b9ec3cac5f4b67f0b067124021d5ea1..526d2faad742b5ef8f4e711534c54aa2daf9adde 100644
--- a/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
+++ b/src/main/java/net/geant/nmaas/portal/api/auth/OIDCAuthController.java
@@ -71,7 +71,7 @@ public class OIDCAuthController {
             );
             throw new AuthenticationException(ae.getMessage());
         }
-        checkUserApprovals(user);
+//        checkUserApprovals(user);
 
         if (configurationManager.getConfiguration().isMaintenance()
                 && user.getRoles().stream().noneMatch(value -> value.getRole().equals(Role.ROLE_SYSTEM_ADMIN))) {
diff --git a/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java b/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
index c63d712c4ca30753f48562f4a11deac2f9a44aa9..813a0fb209d63796ca882cac4eba8bfaa446c888 100644
--- a/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
+++ b/src/main/java/net/geant/nmaas/portal/api/security/JWTTokenService.java
@@ -26,12 +26,11 @@ import java.util.stream.Collectors;
 @Slf4j
 public class JWTTokenService {
 
-    private JWTSettings jwtSettings;
-
     private static final String SCOPES = "scopes";
-
     private static final String LANGUAGE = "language";
 
+    private JWTSettings jwtSettings;
+
     @Value("${domain.global:GLOBAL}")
     String globalDomain;
 
@@ -47,16 +46,16 @@ public class JWTTokenService {
         if (user == null || StringUtils.isEmpty(user.getUsername())) {
             throw new IllegalArgumentException("User or username is not set");
         }
-        if(user.getFirstname() != null && !user.getFirstname().isEmpty()) {
+        if (user.getFirstname() != null && !user.getFirstname().isEmpty()) {
             preferredUsername = user.getFirstname();
-        }else{
+        } else {
             preferredUsername = user.getUsername();
         }
-        log.error("Get request for a token");
-        log.error("user = {} {} {}", user.getId(), user.getUsername(), user.getSelectedLanguage());
-        log.error("jwtSigningKey= {}", jwtSettings.getSigningKey());
+        log.trace("Get request for a token");
+        log.trace("user = {} {} {}", user.getId(), user.getUsername(), user.getSelectedLanguage());
+        log.trace("jwtSigningKey= {}", jwtSettings.getSigningKey());
         user.getRoles().forEach(role -> {
-            log.error("Role = {} {} {} {}", role.getRole().toString(), role.getAuthority(), role.getDomain().getCodename(), role.getUser().getId());
+            log.trace("Role = {} {} {} {}", role.getRole().toString(), role.getAuthority(), role.getDomain().getCodename(), role.getUser().getId());
         });
         String result = Jwts.builder()
                 .setSubject(user.getUsername())
@@ -88,7 +87,7 @@ public class JWTTokenService {
                 .claim(LANGUAGE, user.getSelectedLanguage())
                 .signWith(getSignInKey(jwtSettings.getSigningKey()), SignatureAlgorithm.HS512)
                 .compact();
-        log.error(result);
+        log.trace(result);
         return result;
     }
 
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/ApplicationBaseServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/ApplicationBaseServiceImpl.java
index 409f04ab8af15bb694daf34610bd592b65b18e71..0231ea424db52d97c5655dbd9a8e316598c9b0e3 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/ApplicationBaseServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/ApplicationBaseServiceImpl.java
@@ -74,7 +74,7 @@ public class ApplicationBaseServiceImpl implements ApplicationBaseService {
     private void handleTags(ApplicationBase base) {
         List<Tag> tags = base.getTags().stream()
                 .map(tag -> tagRepository.findByName(tag.getName()).orElse(new Tag(tag.getName())))
-                .collect(Collectors.toList());
+                .toList();
         base.setTags(new HashSet<>(tags));
     }
 
@@ -139,16 +139,16 @@ public class ApplicationBaseServiceImpl implements ApplicationBaseService {
 
     @Override
     public List<ApplicationBaseViewS> findAllActiveAppsSmall() {
-        log.debug("Loading information about all applications");
+        log.trace("Loading information about all applications");
         LocalDateTime beginning = LocalDateTime.now();
         List<ApplicationBaseS> allSmall = appBaseRepository.findAllSmall();
         LocalDateTime end = LocalDateTime.now();
-        log.debug("Loaded base data from db in {}ms", end.toInstant(ZoneOffset.UTC).toEpochMilli() - beginning.toInstant(ZoneOffset.UTC).toEpochMilli());
+        log.trace("Loaded base data from db in {}ms", end.toInstant(ZoneOffset.UTC).toEpochMilli() - beginning.toInstant(ZoneOffset.UTC).toEpochMilli());
         List<ApplicationBaseViewS> result = allSmall.stream()
                 .map(app -> modelMapper.map(app, ApplicationBaseViewS.class))
                 .collect(Collectors.toList());
         LocalDateTime finish = LocalDateTime.now();
-        log.debug("Complete data is ready after next {}ms", finish.toInstant(ZoneOffset.UTC).toEpochMilli() - end.toInstant(ZoneOffset.UTC).toEpochMilli());
+        log.trace("Complete data is ready after next {}ms", finish.toInstant(ZoneOffset.UTC).toEpochMilli() - end.toInstant(ZoneOffset.UTC).toEpochMilli());
         return result;
     }
 
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/DomainServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/DomainServiceImpl.java
index 9062b6ed820c8217d3fa7611c1983a7d0eb4bd96..83d7f5652960618b49c181aacc23ba4566c05c98 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/DomainServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/DomainServiceImpl.java
@@ -52,6 +52,8 @@ import java.util.Set;
 import java.util.stream.Collectors;
 
 import static com.google.common.base.Preconditions.checkArgument;
+import static net.geant.nmaas.portal.persistent.entity.Role.ROLE_GROUP_DOMAIN_ADMIN;
+import static net.geant.nmaas.portal.persistent.entity.Role.ROLE_GROUP_MANAGER;
 import static net.geant.nmaas.portal.persistent.entity.Role.ROLE_GUEST;
 
 @Service
@@ -369,6 +371,19 @@ public class DomainServiceImpl implements DomainService {
     public void removeMemberRole(Long domainId, Long userId, Role role) {
         checkParams(domainId, userId);
         checkParams(role);
+        //if deleting group_manager role delete also group_domain_admin
+        if(role.equals(ROLE_GROUP_MANAGER)) {
+           Optional<User> user = userService.findById(userId);
+           if(user.isPresent()) {
+               List<UserRole> roles = user.get().getRoles().stream().filter(r -> r.getRole().equals(ROLE_GROUP_DOMAIN_ADMIN)).toList();
+                roles.forEach(r -> {
+                    userRoleRepository.deleteBy(userId, r.getDomain().getId(), r.getRole());
+                    log.info("Deleting role {} from domain {} for user {} as part of ROLE_GROUP_MANAGER removal", r.getRole(), r.getDomain().getCodename(), userId);
+                });
+                domainGroupService.deleteUserFromAllDomainsGroups(user.get());
+                log.info("Delete user {} from all domain groups", user.get().getId());
+           }
+        }
         userRoleRepository.deleteBy(userId, domainId, role);
     }
 
diff --git a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
index 85b513fec339c7f61e545664ecde9b8190d91515..4e3ad3a2d9fbfbef011d00afb86eff08870e1496 100644
--- a/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
+++ b/src/main/java/net/geant/nmaas/portal/service/impl/OidcUserServiceImpl.java
@@ -2,6 +2,7 @@ package net.geant.nmaas.portal.service.impl;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import net.geant.nmaas.portal.api.exception.ExternalUserMatchException;
 import net.geant.nmaas.portal.api.exception.MissingElementException;
 import net.geant.nmaas.portal.api.exception.SignupException;
 import net.geant.nmaas.portal.exceptions.ObjectAlreadyExistsException;
@@ -43,18 +44,25 @@ public class OidcUserServiceImpl implements OidcUserService {
         boolean existUserBySamlToken = userService
                 .existsBySamlToken(oidcUserSub);
 
-        if (existUserBySamlToken) {
+        if (existUserBySamlToken) { //exist by saml_token and everything is correct
             return userService
                     .findBySamlToken(oidcUserSub)
                     .orElseThrow();
         }
-        if (userService.existsByEmail(oidcUserEmail)) {
+
+        if (userService.existsByEmail(oidcUserEmail)) {//exist by email needs work with this account
             User user = userService.findByEmail(oidcUserEmail);
+            //check if user with given email have older SamlToken as Email or Username
             if (user.getSamlToken().equals(oidcUserEmail)
                     || user.getSamlToken().equals(oidcUserPreferredUsername)) {
                 user.setSamlToken(oidcUserSub);
                 userService.update(user);
                 return user;
+            }else{
+                throw new ExternalUserMatchException("External user "
+                        + oidcUserSub
+                        + " does not match internal user with SamlToken " +
+                        user.getSamlToken());
             }
         }
         return registerNewUser(oidcUser);
diff --git a/src/main/resources/changelog.json b/src/main/resources/changelog.json
index ed50a597c6e79c34dcec4db0986d4ae24dfee13b..0c9424123e22cf4acb205a85f20eb18eb5c18e0c 100644
--- a/src/main/resources/changelog.json
+++ b/src/main/resources/changelog.json
@@ -2,12 +2,17 @@
   "versions" : [
     {
       "verNo" : "1.7.1",
-      "date" : "(2025/04/10)",
+      "date" : "(2025/04/15)",
       "topic" : [
         {
-          "title" : "Authentication and user access improvements",
+          "title" : "Authentication and user access enhancements",
           "tags" : "[Enhancement]",
-          "description" : "JWT size reduction and account linking mechanism"
+          "description" : "JWT size reduction and improved account linking mechanism"
+        },
+        {
+          "title" : "User role management improvements",
+          "tags" : "[Enhancement]",
+          "description" : "Properly handing role removal action and removed obsolete calls to the backend API"
         }
       ]
     },