Ansible Gateway SSO with Okta.. Anyone successful?
Finally got 2.5 RPM set up and silly me, I assumed I could go right in and set up SSO to Okta like I did for 2.4, but nerp. So many new and required fields now... and not being an Okta pro, and remembering a few other posts mentioning authentication challenges, I figured I'd ask: has anyone been successful with Okta yet?
UPDATE:
While I have not gotten confirmation from support yet, this morning we discovered something that works!
So it's using Okta, setting up a SAML 2 app integration. On the AAP side we set the User Email and Username values to the Okta URNs (respectively):
urn:oid:0.9.2342.19200300.100.1.3
urn:oid:0.9.2342.19200300.100.1.1
Doing this allowed a valid SSO authentication! Again YMMV
Second Update:
'User Permanent ID' is required; not setting it is the reason that only URNs worked for us. So grab your Okta assertion, and towards the top (for me) there was a line like:
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
http://www.okta.com/exxxxxxxx0ZA0h8
</saml2:Issuer>
<saml2:Subject>
So under the SAML config, for User Permanent ID I put 'name_id'. To be fair I'm not sure why 'name-id' wouldn't work, but the support guy said use an underscore, so I did. This worked, and allowed me to change the Username, User Email, User Last Name and User First Name all to the attribute names.
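As an added example (not part of the original post, and not AAP or Okta code), this Python script lists the Issuer, the Subject NameID and the attribute Name values found in a captured assertion, which are the values the post maps to the AAP fields. The sample assertion, its issuer ID, the user and the firstName attribute name are constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not a real Okta response); the issuer ID is a placeholder.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/EXAMPLE_ISSUER_ID</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe@example.com</saml2:NameID>
  </saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml2:AttributeValue>jdoe@example.com</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1"><saml2:AttributeValue>jdoe</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="firstName"><saml2:AttributeValue>Jane</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def decode_saml(data: str) -> str:
    """Accept raw XML or the base64 SAMLResponse form value (HTTP-POST binding)."""
    text = data.strip()
    if not text.startswith("<"):
        text = base64.b64decode(text).decode("utf-8")
    # SAML messages carry no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD/entity declarations are not expected in a SAML message")
    return text

def summarize(data: str) -> dict:
    """Inspection only: this does not validate the signature or conditions."""
    root = ET.fromstring(decode_saml(data))
    # The assertion is either the root or nested inside a samlp:Response.
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml2:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml2:Assertion found (it may be encrypted)")
    name_id = assertion.find("saml2:Subject/saml2:NameID", NS)
    attrs = {a.get("Name"): [v.text for v in a.findall("saml2:AttributeValue", NS)]
             for a in assertion.iterfind("saml2:AttributeStatement/saml2:Attribute", NS)}
    return {
        "issuer": assertion.findtext("saml2:Issuer", default="", namespaces=NS).strip(),
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "attributes": attrs,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A captured assertion contains user identifiers, so run this on a workstation you control rather than pasting the response into an online decoder.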