SSO login fails for some users but works for others .

Checking the logs on the instance, the below error is seen :

Error SAML2Error: SAML failed to login, Status code is urn:oasis:names:tc:SAML:2.0:status:Responder. When it is supposed to be urn:oasis:names:tc:SAML:2.0:status:Success SAML2

SAML Response contains the below status code :

<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied" /></samlp:StatusCode>

This is a user specific issue on the ADFS/IDP end .

Please contact the IDP admin to check why the status code "RequestDenied" is sent for specific users (could be specific to user profile permissions . )