Thank you for your response. You've clearly taken some time to respond, but I feel like I might not have been clear enough in some instances.
With regards to the Profile mapping - I have removed all of the mappings from the "Profile Editor" for the application, but I still see all of the fields when I'm trying to assign a new user. Is that expected behaviour? Given that all the mappings are switched off, why are they still showing and what happens if I put data into those fields when assigning a user to the Salesforce application?
I didn't clearly indicate enough that I had switched on the "De-provision" setting along with the "Provisioning" when I switched it on. The only tick-box I'd selected was "De-provision" and I left the rest un-ticked. I understand the differences between them and why we may only want to select particular parts of the functionality.
The user who I tested on had been imported into OKTA already and had been assigned to the Salesforce application prior to me switching on the Provisioning functionality and enabling "De-Provision". Additionally, I had checked that the user was correctly mapped to the user in the Salesforce sandbox and they could log-in to the sandbox using OKTA. However, when I unassigned the user from the Salesforce application, their user in Salesforce was not de-activated. The de-provisioning only worked if I re-applied the Salesforce application to this user AFTER I had turned on the provisioning functionality. Your response indicates that this isn't expected behaviour. Is that the case?
I'm not sure that I'm the target market for the OKTA Essentials course. I've been using OKTA for a number of years so am pretty comfortable with the broad functionality. My question relates more to this specific use case.