A user unable to login to Rally via Okta SSO

These attributes should be sent in the SAML response to Okta and must not be blank:

1. 1. firstName
   2. lastName
   3. Subject (This is the actual Rally username in email address format.)
   4. email (This is a separate attribute from Subject and may or may not be the same value.)

Check from the User SAML logs whether the token send has "samlsub= emailid" if the value is missing the user cannot login to Rally.