You have configured your DLP Enforce server to authenticate via SAML as per: About authenticating users

On testing you see that the authentication step is succeeding but the Enforce server fails to locate a user for authorisation. 

DLP 16.x, SAML integration

The email address attribute being passed contained mixed case eg: [email protected] 

But the the email address to be matched for the user in the DLP Enforce was in lower case eg: [email protected]

Attribute matching is strictly enforced so no match was found in DLP to complete authorisation.

Synchronising the records to match the email case resolved the issue.