Outlook client for a new employee redirects login to Beyond Identity instead of prompting for a password.
In a hybrid deployment, when the primary domain is federated to Beyond Identity, but new users need to be excluded from Beyond Identity, admins should remember to add the newly created user to the password authenticated users group at the time of creating the account. If this step is not done before configuring the Outlook client for the user, then the Outlook client redirects the login to Beyond Identity. Even if the user is then added to the password authenticated users group, Outlook continues to use the cached information and redirects the login to Beyond Identity.
Make sure that the user is added to the password authenticated users group. Then delete the user's Outlook profile and create a new one. The user will now be prompted for a password.