For very simple Kubernetes and Docker environments, I’ve used Dex IdP with good results. It’s low on features, but easy to set up.

I can only think of two ways if the top of my head:

• Immich runs as root and sets ownership (sounds unsafe)
• Immich is the owner of all the files, but each user has a specific group (bobs-photos) of which Immich and the user are members. Then use the setgid bit to set group ownership and make it g+rwx.

Both sound pretty brittle to me, though, and I haven’t tested this specifically.