You can assign the translate5 roles for your users directly in Azure. If Azure transfers roles for your users to translate5 (as it does with the above configuration), translate5 sets these roles on each login via Azure. This overwrites the user's existing roles, and the roles set in the OpenID configuration for the corresponding client in translate5 are ignored.
Please note: Signing in via Azure with the following steps works only for normal users in Azure, not for guest users. There may be some tweaks in Azure that allow it for guest users as well; if someone finds out, please add it to this documentation.
The settings in Azure Active Directory are now complete. Proceed with the settings in translate5.