The organization's Identity Provider (Azure AD, ADFS, SAML, etc.) may be returning the user's primary SMTP email address or an alternate email address, which may not match the user's BBID email address or may be returning an email domain the organization did not claim during SSO setup. For example, the Identity Provider may be returning john.smith@savethepuppies.onmicrosoft.com instead of john.smith@savethepuppies.org.

You'll want to review the user's account in the Identity Provider configuration. You may need to update their SMTP/alternate email address to match the email address configured as their Blackbaud ID username. Alternatively, the organization can claim the additional email domain in the SSO setup.