Hi Frank
I was able to find the actual error hidden in the html traffic. It was related to Azure AD not being able to read the email from the OKTA Saml Response.
This seems to be caused by the fact that okta was not set up to send the email address as "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress".
I'm still trying to find a way of doing this in Okta, as there doesn't seem to exist an out of the box way of doing it; I can add it as a custom attribute, but the only formats that are available are Unspecified, Uri Reference or Basic
Mihai,