A user unable to login to Rally via Okta SSO
These attributes should be sent in the SAML response to Okta and must not be blank:
Check from the User SAML logs whether the token send has "samlsub= emailid" if the value is missing the user cannot login to Rally.