Merge branch 'docs-spt-173856' into 'master'

Note Okta SAML much match for SCIM to work

See merge request gitlab-org/gitlab!47016

doc/user/group/saml_sso/index.md

@@ -134,7 +134,7 @@ For a demo of the Okta SAML setup including SCIM, see [Demo: Okta Group SAML & S
 
 Under Okta's **Single sign-on URL** field, check the option **Use this for Recipient URL and Destination URL**.
 
-We recommend:
+For NameID, the following settings are recommended; for SCIM, the following settings are required:
 
 - **Application username** (NameID) set to **Custom** `user.getInternalProperty("id")`.
 - **Name ID Format** set to **Persistent**.

doc/user/group/saml_sso/scim_setup.md

@@ -121,8 +121,12 @@ Once synchronized, changing the field mapped to `id` and `externalId` may cause
 
 ### Okta configuration steps
 
-The SAML application that was created during [Single sign-on](index.md#okta-setup-notes) setup for [Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/overview/) now needs to be set up for SCIM.
-Before proceeding, be sure to complete the [GitLab configuration](#gitlab-configuration) process.
+Before you start this section, complete the [GitLab configuration](#gitlab-configuration) process.
+Make sure that you've also set up a SAML application for [Okta](https://developer.okta.com/docs/guides/build-sso-integration/saml2/overview/),
+as described in the [Okta setup notes](index.md#okta-setup-notes)
+
+Make sure that the Okta setup matches our documentation exactly, especially the NameID
+configuration. Otherwise, the Okta SCIM app may not work properly.
 
 1. Sign in to Okta.
 1. If you see an **Admin** button in the top right, click the button. This will