diff --git a/Scripts/authentik-sync-zulip-saml.sh b/Scripts/authentik-sync-zulip-saml.sh
index cd18752..6767991 100644
--- a/Scripts/authentik-sync-zulip-saml.sh
+++ b/Scripts/authentik-sync-zulip-saml.sh
@@ -10,7 +10,6 @@ acs_url="${AUTHENTIK_ZULIP_ACS_URL:-https://chat.burrow.net/complete/saml/}"
 audience="${AUTHENTIK_ZULIP_AUDIENCE:-https://chat.burrow.net}"
 launch_url="${AUTHENTIK_ZULIP_LAUNCH_URL:-https://chat.burrow.net/}"
 access_group="${AUTHENTIK_ZULIP_ACCESS_GROUP:-}"
-admin_group="${AUTHENTIK_ZULIP_ADMIN_GROUP:-}"
 issuer="${AUTHENTIK_ZULIP_ISSUER:-$authentik_url}"
 
 usage() {
@@ -29,7 +28,6 @@ Optional environment:
   AUTHENTIK_ZULIP_AUDIENCE
   AUTHENTIK_ZULIP_LAUNCH_URL
   AUTHENTIK_ZULIP_ACCESS_GROUP
-  AUTHENTIK_ZULIP_ADMIN_GROUP
   AUTHENTIK_ZULIP_ISSUER
 EOF
 }
@@ -259,17 +257,6 @@ last_name_mapping_pk="$(
     $'parts = (request.user.name or "").rsplit(" ", 1)\nif len(parts) == 2 and parts[1]:\n return parts[1]\nreturn request.user.username'
 )"
 
-role_mapping_pk=""
-if [[ -n "$admin_group" ]]; then
-  role_mapping_pk="$(
-    reconcile_property_mapping \
-      "Burrow Zulip SAML Role" \
-      "zulip_role" \
-      "zulip_role" \
-      $'admin_group = "'$admin_group$'"\nif any(group.name == admin_group for group in request.user.ak_groups.all()):\n return "owner"\nreturn None'
-  )"
-fi
-
 if [[ -z "$email_mapping_pk" || -z "$name_mapping_pk" || -z "$first_name_mapping_pk" || -z "$last_name_mapping_pk" ]]; then
   echo "error: failed to reconcile Zulip SAML property mappings" >&2
   exit 1
@@ -289,7 +276,6 @@ provider_payload="$(
     --arg name_mapping "$name_mapping_pk" \
     --arg first_name_mapping "$first_name_mapping_pk" \
     --arg last_name_mapping "$last_name_mapping_pk" \
-    --arg role_mapping "$role_mapping_pk" \
     '{
       name: $name,
       authorization_flow: $authorization_flow,
@@ -307,7 +293,7 @@ provider_payload="$(
         $name_mapping,
         $first_name_mapping,
         $last_name_mapping
-      ] + (if $role_mapping != "" then [$role_mapping] else [] end)
+      ]
     }'
 )"
 
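Review bot: Dropping `$role_mapping` from the `property_mappings` array detaches the role mapping from the provider on the next run, but nothing in this commit deletes the "Burrow Zulip SAML Role" mapping object that earlier runs created in Authentik, so it presumably remains there as an orphan that still maps admin-group members to `"owner"`. The same residue exists on the Zulip side: removing `SOCIAL_AUTH_SYNC_ATTRS_DICT` in burrow-zulip.nix stops syncing the role at login but does not revert users who were already promoted to owner by earlier logins, so current owner roles should be audited once. The removal of `auto_signup` in the same Nix file also changes first-login behaviour for new SAML users, which deserves a mention in the commit message. Consider a one-off cleanup of the stale mapping and a comment above the `property_mappings` key such as `# zulip_role is no longer issued by Authentik; Zulip roles are managed in Zulip directly`. The `jq` invocation that builds provider_payload starts before this hunk.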
diff --git a/nixos/modules/burrow-authentik.nix b/nixos/modules/burrow-authentik.nix
index 977b641..acf76ce 100644
--- a/nixos/modules/burrow-authentik.nix
+++ b/nixos/modules/burrow-authentik.nix
@@ -956,7 +956,6 @@ EOF
       ${lib.optionalString (cfg.zulipAccessGroupName != null) ''
         export AUTHENTIK_ZULIP_ACCESS_GROUP=${lib.escapeShellArg cfg.zulipAccessGroupName}
       ''}
-      export AUTHENTIK_ZULIP_ADMIN_GROUP=${lib.escapeShellArg cfg.adminGroupName}
       ${pkgs.bash}/bin/bash ${zulipSamlSyncScript}
     '';
diff --git a/nixos/modules/burrow-zulip.nix b/nixos/modules/burrow-zulip.nix
index a7adb48..e26cc3d 100644
--- a/nixos/modules/burrow-zulip.nix
+++ b/nixos/modules/burrow-zulip.nix
@@ -373,8 +373,6 @@ services:
             "entity_id": "https://${cfg.authentikDomain}",
             "url": "https://${cfg.authentikDomain}/application/saml/${cfg.authentikProviderSlug}/sso/binding/redirect/",
             "display_name": "burrow.net",
-            "auto_signup": True,
-            "extra_attrs": ["zulip_role"],
             "x509cert": """$saml_cert""",
             "attr_user_permanent_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
             "attr_username": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
@@ -383,13 +381,6 @@ services:
             "attr_last_name": "lastName",
         },
     }
-    SOCIAL_AUTH_SYNC_ATTRS_DICT = {
-        "authentik": {
-            "saml": {
-                "role": "zulip_role",
-            },
-        },
-    }
 EOF
 '';
 };