In the <episerver.framwork> section of Web.config file try changing from:
<virtualRoles addClaims="true">
to:
<virtualRoles addClaims="false" replacePrincipal="true">
Adding DOMAIN from the mappedRole does the trick.
<add name="SearchAdmins" type="EPiServer.Security.MappedRole, EPiServer.Framework" roles="WebAdmins, Administrators,
DOMAIN\Intra Admin" mode="Any"/>