This is a known "issue" that is somewhat related to HgLab responding with HTTP 404 when it should be responding with HTTP 403. To prevent information disclosure, HgLab does not tell a user that "there is indeed a project named "X", but you don't have access to it", nor does it give hints as to whether one has been granted sign in permissions.
This is not very intuitive and I think this will be changing in future versions.
from what I have seen of the product, I feel that it should open the dashboard and say that you have no projects, no access to create projects or something similar.
We have similar challenges in our own products with Windows Auth, I believe we handled this by giving a fake sub-status code, like "403.28" to prevent the ASP.NET MVC error handling. Unfortunately, I don't remember the details, but can check if needed.