To me this reads like the user is not set up in your SSO and does not have the authority to access the Workfront application.
I have our environment configured so that our external users are exempt from having to use SSO, this can be configured individually for each user in the user config - Only Allow SAML 2.0 Authentication
For external users I have this option turned off. People using this method to login will need to set and remember their own individual unique passwords and there is likewise a mechanism to reset a user's password in their config.