ICDm / SES cloud console with IdP configured:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Administrators,-Passwords,-and-Authentication/configuring-a-saml-2-0-based-identity-provider-for-v131783916-d4161e9772.html

One of the possible causes of the failure is using friendly names in the IdP attribute mapping instead of the name.

The recommend approach is to gather HAR file while replicating the issue. 

https://knowledge.broadcom.com/external/article/205795/how-to-generate-har-file.html

Check the SAML assertion and compare it against the configured attribute map. Ensure that the names from the assertion are matching the configured ones in the map, and if there are any discrepancies, fix the names in the map in accordance to the assertion. 

Make sure to not use the friendly name. Example of the line and names from the assertion:

<saml2:Attribute FriendlyName='friendly_name_mail' Name='example_ID'

Do not use "friendly_name_mail' but 'example_ID'.

If you have issues with logging to the console due to the misconfigured SAML, sign in to the console using the direct link: https://us.securitycloud.symantec.com/oidc/authorize?okta_admin_flow=1