Single-sign-on is about logging on in one place and having that authenticate you at other locations automatically (Okta). OpenID is about delegating authentication to an OpenID provider so you can effectively log on to multiple sites with the one set of credentials. You could use OpenID as your authentication scheme for SSO but that's incidental. If you have cookies enabled in your browser, and you have "allowed" the OpenID provider to automatically authenticate you. Then it would appear that you would "automatically" be logged in ... because the cookie would be picked up by the provider and you'd be redirected back. https://developer.okta.com/blog/2017/06/29/oidc-user-auth-aspnet-core#add-authentication
If I add a person manually say email@example.com and assign it to my app. When I run my application how does okta know that request is coming from firstname.lastname@example.org. If I clear out cookies, I am prompted by okta user name and password field. What credentials does email@example.com need to put in here?