If you are syncing someone with a lot of ADFS groups, the server may reject the request for the header being too large. If you are able to login as a user with a few groups in ADFS but run into an error with users with a lot of ADFS groups (regardless of if those ADFS groups are in Cinchy), you will need to make 2 changes.

Server Max Request Header Size

CinchySSO App Settings

In your CinchySSO app settings, you will also need to increase the max size of the request header.

    "AppSettings": {
      ...
      "MaxRequestHeadersTotalSize": {max size in bytes},
      "MaxRequestRequestBufferSize": {max size in bytes, use same as above},
      "MaxRequestBodySize": -1
    }

For more details on the app settings see the app settings section of Configuring ADFS.