🔒️(organization) the first user is not admin

The first user of a organization is probably not an admin.
This was implemented for first tests but for now it's more
a security issue than something helpful.

FIXES #775

CHANGELOG.md

@@ -8,6 +8,7 @@ and this project adheres to
 
 ## [Unreleased]
 
+- 🔒️(organization) the first user is not admin #776
 - 🐛(admin) fix broken alias import #1021
 
 ## [1.22.0] - 2026-01-19

src/backend/core/authentication/backends.py

@@ -17,8 +17,6 @@ from core.models import (
     AccountService,
     Contact,
     Organization,
-    OrganizationAccess,
-    OrganizationRoleChoices,
 )
 
 logger = logging.getLogger(__name__)
@@ -131,15 +129,6 @@ class OIDCAuthenticationBackend(LaSuiteOIDCAuthenticationBackend):
 
         user = super().create_user(claims | {"organization": organization})
 
-        if organization_created:
-            # Warning: we may remove this behavior in the near future when we
-            # add a feature to claim the organization ownership.
-            OrganizationAccess.objects.create(
-                organization=organization,
-                user=user,
-                role=OrganizationRoleChoices.ADMIN,
-            )
-
         # Initiate the user's profile
         Contact.objects.create(
             owner=user,

src/backend/core/tests/authentication/test_backends.py

@@ -391,6 +391,8 @@ def test_authentication_getter_new_user_with_registration_id_new_organization(
     assert user.organization.domain_list == expected_domain_list
     assert user.organization.registration_id_list == expected_registration_id_list
 
+    assert models.OrganizationAccess.objects.filter(user=user).exists() is False
+
 
 def test_authentication_getter_existing_user_via_email_update_organization(
     django_assert_num_queries, monkeypatch