This message means that the user has been authenticated through SSO but there isn't a user in Vault that matches so Vault does not know who this person is.
The username configured in Vault must exactly match the person's internal company username (i.e. the principal/the username that they log onto their computer at work with) so Vault knows who the person is.
Why can't a user just be logged straight into Vault if they are authenticated through SSO?
The reason a user must also be configured in Vault is because they still need to be given the appropriate access - which parts of the organisation structure does the person have access to? Which modules does the person have access to? Is the person a VIntel or VAudit user? Which worker is the person linked to?
This article is only applicable to organisations who use SSO (single sign-on).