Users could not log in to Sandbox after a refresh because the roles and permissions on employee records were carried over from Production to Sandbox during the refresh.
To solve this, Administrators must make sure that the users' Employee records do not have the SAML Single Sign On permission for Sandbox.
- Navigate to Setup > User/Roles > Manage Roles
- Edit all the roles that could not log in on Sandbox.
- Click the Permissions tab
- Click Setup
- Remove the SAML Single Sign On permission from each of the roles.
- Click Save