Please check if the agent who is logging in is using their email address which is part of the AD. Also, if they are a user on the AD, you would have to make sure if their user profile on the AD has permissions to use SSO. The email address from your AD is the parameter that Freshdesk checks while authenticating the login, to locate their profile on Freshdesk.