Troubleshooting
You can enable SSO logging in the DAM website folder\DigizuiteCore\loginservice\appsettings.json by setting "EnableLocalLogging": true
This gives you more information on the errors you encounter, written to the log called LoginService.txt under the DAM's log files.
A tool for inspecting the tokens being sent back and forth is highly recommended, e.g. rcFederation Tracer for Chrome or Edge.
Known issues
/wiki/spaces/PSBOK/pages/2262040577
Currently, if Full sync or AddOnly is enabled, you need to be a member of at least 1 group before you are allowed to log in.