Using this link I am forwarded to Okta for SSO then I can see the trace to WS1 Access, and then from Access to UEM but I am still getting "Login Failed, please try again." At this point I would guess its an issue with the username values or something similar.  How would I be able to confirm this?

I did run a saml trace on this login event and can see UEM sending to Access, Then Access to Okta, Okta replys to Access and then Access forward back to UEM where we still get the same error "Invalid User Credentials ?? An unexpected error occurred."

I checked in the Applications for UEM and Access and can not find any mismatch on pass values..  I am overlooking something?

Here is the UEM Console SAML Settings

Here are the 3 Applications in Access (The first two were created and provisioned by the UEM client when setting up)

Each of them is configured as below:

The provisioning is all working as expected and configured similarly

I highlighted in red the ones I thought could be the issue but how would I go about finding out what other possible values these could have?