We just recently switched our SAML provider and i have ONE user that can't log into NS using his SAML role however he can using his non SSO role. When i run a detailed report on his login audit the only error it's giving me is 'wrong email' however the email in his employee record and the one recorded on Okta (and everywhere else) is correct. Anyone have any ideas?

we've had this issue before and it was caused by the master record in okta having the correct email but the oktanetsuite record (I'm not too familiar with the okta interface, but I think it was clicking on the netsuite link in the users' okta account as an admin) was set to a different domain (think .co.uk instead of .com)