I was referring to difference between "User Access" and "Login Access" licenses. It appears that only Active Directory users with "User Access" tokens can access Monitoring apps in Hub. My security rules are simple, full access to all apps and all streams. This test user also has every admin roles. The only difference is that this test user is being authenticated through SSO.