Forum Discussion
Issues with Sensitivity Labels and "Specific email addresses or domains" - Not working
Hello!
We have enabled Sensitivity Labels in our tenant.
The access control settings for the label state that a specific domain gets the permission "Co-Author".
When we enable the Sensitivity label on a document and send it to the approved domain, it results in an error message when authenticating to open the document:
"Selected user account does not exist in tenant 'Veni AS' and cannot access the application in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account."
After doing some research I made some changes to the external domain within the Cross-tenant settings.
The external domain now has the following settings:
Inbound access:
Allow access on external users and groups, within B2B Collaboration
Allow access on external users and groups, within B2B direct connect
Trust multifactor authentication from Microsoft Entra tenants, within Trust settings.
Outbound access:
Allow access on users and groups, within B2B Collaboration
Allow access on users and groups, within B2B direct connect
External Identities:
Block access for external users and groups. (Inherited from default)
After doing this change, I no longer get the same error message as above when authenticating to open the labeled document.
Now I get the following error message:
"You are not signed in to office with an account that has permission to open this document. You may sign in a new account into Office that has permission or request permission from the content owner"
I have this working from another tenant to the same external domain and I have cross-checked the settings. Any idea on how to proceed, or if there is any obvious change I need to make in order to get this to work?
All feedback appreciated! :-)
1 Reply
Seems you are on the right track; please try the next steps below:
Double-check guest user provisioning: Even with B2B settings enabled, the user might still need to be explicitly invited or accepted as a guest in your tenant.
Review label encryption settings: In the Microsoft Purview portal, edit the label and confirm that the permissions are set to “Assign permissions now” and that the domain is correctly listed. Sometimes, using domain-based permissions can be finicky—try testing with a specific user email instead.
Office sign-in context: Make sure the external user is signed into Office with the same account that received the document. Office apps can cache credentials, and users might unknowingly be signed in with a different account.
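
The first two checks suggested in the reply above can also be run from PowerShell; this is an added example, not part of the original post or reply. It assumes the Microsoft Graph PowerShell SDK and the ExchangeOnlineManagement module are installed; the recipient address and label name are placeholders, and the JSON key names read from `LabelActions` (`protectiontype`, `rightsdefinitions`) are an assumption about the cmdlet's output shape, so adjust them if your tenant returns something different.

```powershell
# Placeholders (not from the thread): substitute the real recipient and label name.
$Recipient = 'user@partner.example'
$LabelName = 'Your label name'
$Domain    = $Recipient.Split('@')[1]

# 1. Guest provisioning: does the recipient exist as a user object in the labelling tenant?
Connect-MgGraph -Scopes 'User.Read.All'
$guest = Get-MgUser -Filter "mail eq '$Recipient'" -Property Id,Mail,UserType,ExternalUserState
if ($guest) {
    # A redeemed invitation normally shows UserType Guest and ExternalUserState Accepted.
    $guest | Select-Object Mail, UserType, ExternalUserState
} else {
    Write-Warning "$Recipient has no user object in this tenant (not invited or not redeemed)."
}

# 2. Label encryption: is the domain or the individual address in the label's rights list?
Connect-IPPSSession
$label = Get-Label -Identity $LabelName

# Assumption: LabelActions is a list of JSON strings, each with Type and Settings (Key/Value pairs).
$encrypt = $label.LabelActions |
    ForEach-Object { $_ | ConvertFrom-Json } |
    Where-Object { $_.Type -eq 'encrypt' }

if (-not $encrypt) {
    Write-Warning "Label '$LabelName' has no encryption action."
} else {
    $settings = @{}
    foreach ($s in $encrypt.Settings) { $settings[$s.Key] = $s.Value }

    # Assumed key names; print the raw settings if these come back empty.
    "Protection type: $($settings['protectiontype'])"
    $rights = [string]$settings['rightsdefinitions']

    foreach ($id in @($Domain, $Recipient)) {
        $found = $rights -match [regex]::Escape($id)
        "{0,-30} listed in label permissions: {1}" -f $id, $found
    }
}
```

If the domain is listed but the address is not, that matches the reply's suggestion to test the label with a specific user email as well.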