As a super admin of my organization, how do I temporarily impersonate a user? For example, let's say I have SAML enabled for Okta -> G Suite and I need to access the Gmail inbox of a user. How do I do that? Is my only option to reset that user's email and 2FA and log in as them or is there a more streamlined way for admins to do that straight from the Okta Web interface?
For security reasons we have no way to impersonate a user even with the super admin rights. So yes, the only feasible option to gain access to his account would be to reset his MFA and his password so you can login as the user. The easiest way to do this would also be to have their login and the password managed by the company and just provide the users with their login details.
You could create an inbound Saml app with the org2org app and add restricted policies to it, you would have to enter the users login name and because of the saml you wouldnt need pwd reset or mfa if you login.