Troubleshooting
You can enable SSO logging in the DAM website folder, in DigizuiteCore\loginservice\appsettings.json,
by setting "EnableLocalLogging": true
This gives you more information about the errors you encounter. The details are written to the log called LoginService.txt under the DAM's log files.
A tool for inspecting the tokens being sent back and forth is highly recommended,
e.g. rcFederation Tracer for Chrome or Edge.
Specific users have problems logging in
If a specific user has problems logging in, the cause may be that the user was manually created with the same email address. Check whether there is a duplicate user and remove the manually created user.
The system does not allow duplicate emails.
It can also be caused by an access token that is too long, which happens when a user is a member of too many groups. In that case, try to limit the number of groups being passed along in the token.
Known issues
/wiki/spaces/PSBOK/pages/2262040577
Currently, if Full sync or AddOnly is enabled, you need to be a member of at least 1 group before you are allowed to log in.