Cannot authenticate user using Azure AD SSO.

Aidan
Tera Guru

I have configured SSO for Azure AD and I'm trying to test the connection.  Despite Azure AD accepting the account details, it is redirecting back, asking which account to sign out of and then asking me to close the window.  Clicking Activate still says I need to test the connection.

If I force the record to be active (I know, not good), then the SSO will redirect to Azure AD and accept the login; however, it then redirects back to ServiceNow, quickly displays an error message saying something like "User: MGC7lEk/7CdtrW+Ri4rGnoN8FFSQPPmFI0zb8sKHTxk= not found" and then displays the 'you have logged out' page.

The log shows that every step was successful up until that error.  The claim in AD is on UPN, which is matching a custom field on the sys_user record.  I've added the 'sso: sys_id' to the SSO source field.

Anything else I need to try?

1 ACCEPTED SOLUTION

Thanks for the reply Scott.  I've ended up changing the NameID attribute to use a different claim in the SAML response.  The NameID value in the SAML response was a random string.  Looks like it's working now.

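The mismatch the accepted solution describes, as an added example (not code from this thread or from ServiceNow): a small checker that pulls the NameID out of a SAML assertion and tries to resolve it against a user table the way a service provider would. The assertion XML and user table are constructed, and treating the random-string value as a transient-format NameID is an assumption about what the IdP was sending.

```python
"""Resolve a SAML NameID to a local user and explain why a lookup fails.
Added example; assertion XML and the user table are constructed."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"


def extract_name_id(assertion_xml):
    """Return (value, format) of <saml:Subject><saml:NameID> in the assertion."""
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion has no NameID")
    return node.text.strip(), node.get("Format", UNSPECIFIED)


def resolve_user(assertion_xml, users):
    """Map the NameID onto the user field the SP matches on.
    users: {value stored in the configured user field: sys_user id}.
    Raises LookupError with a message mirroring the 'User: ... not found' symptom."""
    value, fmt = extract_name_id(assertion_xml)
    if fmt == TRANSIENT:
        # A transient NameID is a fresh opaque token per login; it can never
        # equal a stable field such as UPN, so the lookup is doomed before it starts.
        raise LookupError(f"NameID is transient ({value}); cannot match a user field")
    try:
        return users[value]
    except KeyError:
        raise LookupError(f"User: {value} not found") from None


def assertion(name_id, fmt):
    """Build a minimal constructed assertion carrying the given NameID."""
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
        f'<saml:NameID Format="{fmt}">{name_id}</saml:NameID>'
        "</saml:Subject></saml:Assertion>"
    )


# Constructed user table: UPN (the field matched on) -> sys_user id
USERS = {"aidan@example.com": "sys_user_0001"}
# What the thread saw: an opaque per-session value instead of the UPN claim
BROKEN = assertion("MGC7lEk/7CdtrW+Ri4rGnoN8FFSQPPmFI0zb8sKHTxk=", TRANSIENT)
# After pointing NameID at the UPN claim
FIXED = assertion("aidan@example.com", EMAIL)
```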


Thanks for your solution; it works with the "NameID Policy" field.