Is it the AADSTS50020 error? If the logged-in users do not exist in the tenant/directory for a given application, they may receive this error.
The app requesting the login should use the v2 endpoints oauth2/v2.0/authorize and oauth2/v2.0/token, and that should resolve the issue.
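
To check which endpoint version an app's configured URLs point at, and what the v2 form looks like, here is an added example (not part of the original answer). The config key names, tenant name and `client_id` value are constructed; translating `resource=` into `scope=<resource>/.default` is the usual v1-to-v2 parameter change and goes beyond what the answer mentions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

LEAVES = ("authorize", "token")

def endpoint_version(url):
    """Return 'v1', 'v2', or None when url is not an oauth2 authorize/token endpoint."""
    parts = [p for p in urlsplit(url).path.split("/") if p]
    # v1: /{tenant}/oauth2/{leaf}    v2: /{tenant}/oauth2/v2.0/{leaf}
    if len(parts) == 3 and parts[1] == "oauth2" and parts[2] in LEAVES:
        return "v1"
    if len(parts) == 4 and parts[1:3] == ["oauth2", "v2.0"] and parts[3] in LEAVES:
        return "v2"
    return None

def to_v2(url):
    """Rewrite a v1 endpoint URL to its v2 form; v2 URLs are returned unchanged."""
    version = endpoint_version(url)
    if version is None:
        raise ValueError(f"not an oauth2 authorize/token endpoint: {url}")
    if version == "v2":
        return url
    s = urlsplit(url)
    head, leaf = s.path.rstrip("/").rsplit("/", 1)
    # v1 names the target API with resource=...; v2 takes scope=... instead.
    # "<resource>/.default" requests the permissions already configured for the app.
    # The resource is used as-is: a trailing slash on it is significant.
    query = [("scope", v + "/.default") if k == "resource" else (k, v)
             for k, v in parse_qsl(s.query, keep_blank_values=True)]
    return urlunsplit((s.scheme, s.netloc, f"{head}/v2.0/{leaf}", urlencode(query), s.fragment))

def audit(config):
    """Return the config keys whose URL still points at a v1 endpoint."""
    return sorted(k for k, url in config.items() if endpoint_version(url) == "v1")

# Constructed sample configuration (tenant and key names are made up).
SAMPLE = {
    "authorization_url": "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/authorize",
    "token_url": "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/token",
}

if __name__ == "__main__":
    for key in audit(SAMPLE):
        print(key, "->", to_v2(SAMPLE[key]))
```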