Although you may have connected your SSO to Matrix Booking, it doesn't guarantee all staff can access the system. When your organisation sets up Matrix Booking SSO via Microsoft Entra ID (formerly Azure Active Directory), your IT team may have assigned a group so that you log in via SSO. It checks in your SSO or directory to see if all staff can access the system or if your company has restricted access to a specific group.
If you have restricted it to a group, anyone in your company that is not in that group will get an error that looks a bit like this after they log in to SSO:
AADSTSxxxxx: The signed in user 'xxxxx.xxxxxx@yourcompany.com' is not assigned to a role for the application 'xxxxxxxxxxxx'(Matrix Booking).
This is not security at the Matrix Booking end that is blocking you from logging in. It is something you need to raise with your own IT team and ask them to ensure that the staff member is added to the correct group in Entra ID for SSO.