I do not know if this is still valid but let me answer this 😊
This is completely depending on the user requests and whether they are successfully authenticated or not and if they are authorized or blocked in a rule.
Normally, you perform authentication and if authenticated, you check with usergroups if a user is allowed to browse internet for example. If not, he would be blocked because of being "unauthorized" which is a normal block page. It sounds more like being blocked after successful authentication rather than authentication fails.
To troubleshoot this issue, I would suggest to open a SR and attach feedback file and rule trace (if you can reproduce this block). With feedback file (policy), support can check if your rule set is properly configured etc. Please do not upload the data here in community since it contains sensitive information.
Without having seen any debug data I can just say what I said above.
Technical Support Engineer
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!