The most common configuration errors are listed below:

WSFED:

UPN : the value of this claim should match the UserPrincipalName of the user in Azure AD.

ImmutableID : the value of this claim should match the sourceAnchor or ImmutableID of the user in Azure AD.

To get the user's attribute values in Azure AD, run: Get-MsolUser -UserPrincipalName <UPN>

SAML 2.0:

IDPEmail : the value of this claim should match the UserPrincipalName of the user in Azure AD.

NAMEID : the value of this claim should match the sourceAnchor or ImmutableID of the user in Azure AD.
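
An added example, not part of the original article: a PowerShell check that extracts NameID and IDPEmail from a captured SAML 2.0 assertion and compares them with the values Azure AD holds for the user. The function name, the sample assertion and the sample values are constructed for illustration, and the case-insensitive UPN comparison is an assumption.

```powershell
# Added example: hypothetical function name, constructed sample data.
function Test-FederatedClaims {
    param(
        [Parameter(Mandatory)] [string] $AssertionXml,
        [Parameter(Mandatory)] [string] $ExpectedUpn,
        [Parameter(Mandatory)] [string] $ExpectedImmutableId
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # captured assertion is untrusted input: resolve no external entities
    $doc.LoadXml($AssertionXml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion')

    $nameIdNode = $doc.SelectSingleNode('//saml:Subject/saml:NameID', $ns)
    $emailNode  = $doc.SelectSingleNode("//saml:Attribute[@Name='IDPEmail']/saml:AttributeValue", $ns)
    $nameId = if ($nameIdNode) { $nameIdNode.InnerText } else { $null }
    $email  = if ($emailNode)  { $emailNode.InnerText }  else { $null }

    [pscustomobject]@{
        NameID          = $nameId
        IDPEmail        = $email
        # -ceq: exact, case-sensitive comparison for the ImmutableID value
        NameIDMatches   = ($null -ne $nameId) -and ($nameId -ceq $ExpectedImmutableId)
        # -ieq: assumes UPN comparison is case-insensitive
        IDPEmailMatches = ($null -ne $email) -and ($email -ieq $ExpectedUpn)
    }
}

# Constructed assertion fragment: the IdP sends a mail alias instead of the UPN.
$sample = @'
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>c2FtcGxlLWltbXV0YWJsZQ==</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="IDPEmail">
      <saml:AttributeValue>alice.smith@contoso.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
'@

# In practice take both expected values from Azure AD:
#   $u = Get-MsolUser -UserPrincipalName <UPN>   # then $u.UserPrincipalName and $u.ImmutableId
Test-FederatedClaims -AssertionXml $sample `
    -ExpectedUpn 'alice@contoso.example' `
    -ExpectedImmutableId 'c2FtcGxlLWltbXV0YWJsZQ=='
```

With the constructed sample, NameID matches the expected ImmutableID while IDPEmail does not match the UPN, which is the kind of mismatch described above.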


There are many other possible causes; see the article below for details:

Possible causes of Authentications failures for federated users in Office 365

