LDAP based administrator accounts get Access denied message on login

Article ID: 273859

Updated On:

Products

Messaging Gateway Hardware

Issue/Introduction

After configuring or modifying the membership of an LDAP-based Administration Policy Group, members of that group receive an "Access denied" message when attempting to log into the Messaging Gateway (SMG) Control Center web interface.

Error text

Access Denied

Access for your account has not been configured. Please contact your administrator for assistance

Cause

Potential causes

  • The administration policy group has not been configured with directory based membership or Administration access
  • The Control Center has cached information on the directory group membership which does not reflect more recent changes to the group
  • The configured administration group has a lower precedence than another policy group with no Control Center login access

Resolution

The "Access denied" message means that authentication to the Control Center web GUI was successful but the account's policy group doesn't have administrative access.

Configuring Administrator policy group access to Messaging Gateway

  1. Ensure that a directory data source is configured with Authentication enabled with either 'Control Center authentication only' selected or 'Control Center and SMTP authentication' selected.
  2. Ensure that 'Both Control Center Authorization and Email Scanning' is selected on the Address Resolution tab.
  3. Ensure that "Enable an Administration Policy for this policy group" is enabled for the specific policy group (Administration > Policy Groups > Select a policy group > Edit > Administration) and that the appropriate administration policy is selected.

Clearing the DDS cache

  1. Log into the SMG Control Center as admin
  2. Go to Administration > Directory Integration
  3. Open the configuration for the data source that is providing authentication
  4. Select the Advanced tab
  5. Click the Clear cache button

This will ensure that any cached membership entries for the administration policy group have been cleared and the directory server will be queried for the most recent information on group membership.

Policy Group Precedence

If clearing the cache doesn't address the issue, ensure that the account is being properly mapped to the expected administration policy group:

  1. Go to Administration > Find User
  2. Enter the email address of the administrator account receiving the access denied message
  3. Click Find user
  4. Confirm that the administrator policy group shows up in the list and is the first entry in the list.

If the administration group is not the first policy group in the list, its precedence will need to be adjusted:

  1. Go to Administration > Policy Groups
  2. Click and hold on the administration policy group 
  3. Drag the administration policy group to the top of the precedence list