This message means that the user has been authenticated through SSO but there isn't a user in Vault that matches so Vault does not know who this person is.
The username configured in Vault must exactly match the person's internal company username (i.e. the username that they log onto their computer at work with) so Vault knows who the person is.
Why can't a user just be logged straight into Vault if they are authenticated through SSO?
The reason a user must also be configured in Vault is because they still need to be given the appropriate access - which parts of the organisation structure does the person have access to? Which modules does the person have access to? Is the person a VIntel or VAudit user? Which worker is the person linked to?
This article is only applicable to organisations who use SSO (single sign-on).