When a new Project Manager is created via SSO, it has full rights by default. There isn't an option to provide limited rights.
Available workaround (if any):
The newly created Project Manager via SSO needs to be somehow tracked and quickly have the user rights changed (manually or via API).
Add the possibility to check inside SSO settings an option that provides fully limited user rights for new Project Managers created via SSO.
New Project Managers created via SSO will have full rights and will have access to a all internal data, Projects, Users, Clients, detailed configurations,... Also, there can be many Project Managers inside the organization that each belongs to a different internal department/group/business unit where each Project Manager has different rights.