Once the SSO setup is complete, all the users from your user directory are able log in to your Frontify platform. Their user is automatically created upon login but they do not get any permissions by default. So if they land on a Guideline after the first log in, they can potentially get the 403 - Access Denied message.
This means they still need access to the landing Guideline (the main Guideline that your domain points to).
To fix this, you need to invite the user, the group where the user is invited to or a Smart Group to this Guideline. Learn more on how to create Smart Groups here