RonV
Either you misconfigured the plugin or the account they are logging in as doesn't match the email address/username of the Agent in osTicket or the Agent doesn't yet exist in the system.
The most common mistake is people using the Secret ID as the Client Secret or the Client ID in osTicket. The Client ID is your Application (client) ID from the Overview section of the App Registration. The Client Secret is the Secret Value from the generated Secret from the App Registration. Also, make sure you used the correct Endpoints as they will be specific to how you generated the App but also to your specific tenant. Lastly, don't change anything in the default configurations except the Client ID, Client Secret, and the Endpoints. Everything else remains as-is.
In osTicket Agents have to be created in the system first before they are allowed to login via OAuth2. Reason being is you have to configure Department access, etc. Now, once they are created their email address has to match the email address in the Microsoft account they are authenticating as.
Here is the relevant Documentation in case you don't have it or haven't seen it.
Cheers.
