Docs: Update Okta Group SAML info

doc/administration/troubleshooting/group_saml_scim.md

@@ -38,6 +38,24 @@ SCIM mapping:
 
 ![Azure AD SCIM](img/AzureAD-scim_attribute_mapping.png)
 
+## Okta
+
+Basic SAML app configuration:
+
+![Okta basic SAML](img/Okta-SAMLsetup.png)
+
+User claims and attributes:
+
+![Okta Attributes](img/Okta-attributes.png)
+
+Advanced SAML app settings (defaults):
+
+![Okta Advanced Settings](img/Okta-advancedsettings.png)
+
+IdP Links and Certificate:
+
+![Okta Links and Certificate](img/Okta-linkscert.png)
+
 ## OneLogin
 
 Application details:

doc/user/group/saml_sso/index.md

@@ -234,6 +234,13 @@ Set other user attributes and claims according to the [assertions table](#assert
 
 Under Okta's **Single sign on URL** field, check the option **Use this for Recipient URL and Destination URL**.
 
+Please note that Okta's generic SAML app does not have a **Login URL** field, where the **Identity provider single sign on URL** would normally go. The **Identity provider single sign on URL** may be required the first time a user is logging in if they are having any difficulties.
+
+We recommend:
+
+- **Application username** (NameID) set to **Custom** `user.getInternalProperty("id")`.
+- **Name ID Format** set to **Persistent**.
+
 Set attribute statements according to the [assertions table](#assertions).
 
 ### OneLogin setup notes