We are running into the same issue. IWA works fine on both Mac and Win but as soon as we enable Global Redirect it breaks on all Mac browsers. I can confirm the following:
Mac domain joined
Firewall not blocking
SVC account setup per instructions
No idea either what they are referring to with API token.
I have opened a case with Okta support that hasn't really gotten anywhere in the last 2 + weeks. Would love to see some attention to this.