If you encounter a 403 "Error: app_not_enabled_for_user" when attempting to login via Google SAML authentication, this seems to occur in scenarios where the user attempting to login is already logged into their personal Google account, but not their work Google account. In that scenario, they'll see this error.
To work around this issue, have them log out of their personal Google account and then try logging into Doppler via Google SAML authentication. This should take them through the Google login flow where they can login to their work account.
You can get more information about this problem in this StackOverflow post.