After a lot of testing, I went back and had a call with our Okta admin. It seems that the error was on their side. I did not need any extra settings other than what I had listed above for the SAML config.
This article helped him set things up on his side correctly. A trailing “/” was what was breaking this before.
https://medium.com/@sazipkin/setting-up-ansible-tower-with-okta-a132644be980