
User16148822500136406721 (Customer) asked a question.
I am using Amplify, Cognito and a SAML IdP with Okta. To sign out a user from my app, I am using Amplify's Auth.signout() function and have configured single logout in Okta, as the system is going to be a shared one and on logout the user must be signed out of Okta. This case is working as expected.
But there is a problem when the user closes the browser without clicking sign out in the app. The requirement is that even if the user closes the browser, the Okta session needs to be cleared. So I want to leverage the Okta API to get the user signed out from the app for specific cases like this.
Please let me know how to use the Okta API for the case below:
1. I cannot remove the Amplify framework from my app as it's tightly configured with Cognito and we use the tokens that we get from Cognito to hit API calls.
2. We don't want to log in using the Okta API as we are already logging in using Amplify, which redirects to Cognito and from there to the Okta login.
3. But we want to use the Okta API to log out or clear the user session from the Okta domain, rather than Amplify's Auth.signout(), for specific cases like the browser close event.
4. I have attached the screenshot below where we have configured SAML with Okta in Cognito.
5. I can see there are some Okta APIs to remove or delete user sessions from Okta, but I am not sure how to consume them, as we store only Cognito tokens in our app. The Okta tokens or session reside in Okta's own domain and not in our app.
6. Please suggest the best way to retrieve Okta sessions or tokens from the Okta domain and then clear out the session through the API. Also please let me know if it is mandatory to configure Okta metadata in the app, like the client ID (if you see the screenshot, I do not have a client ID provided in SAML).

Good morning Sriram,
Please use the Sessions and Users APIs to control user sessions.
We recommend you open a support ticket so a session can be held with the customer to identify the issue, as you will need to share information that is not appropriate for a public forum.
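
One way a backend could call the Users API operation the reply points to (clear all sessions for one user), as an added example that is not part of the original thread or Okta's own code. The function names, the `org.okta.example` origin and the alphanumeric user-id check are assumptions, and the caller is assumed to have already authenticated the request and resolved the Okta user id.

```javascript
// Added example: server-side helper (for instance a function behind an
// authenticated API). The Okta API token is an admin credential and must
// stay on the server; it is never shipped to the browser.

// Build the "clear user sessions" request for the Okta Users API.
function buildClearSessionsRequest(oktaOrigin, oktaUserId, apiToken) {
  const origin = new URL(oktaOrigin);
  // Accept only a bare https origin so the token cannot go out over
  // plaintext or to a URL carrying credentials, a path or a query.
  if (origin.protocol !== 'https:' || origin.username || origin.password ||
      origin.pathname !== '/' || origin.search || origin.hash) {
    throw new Error('oktaOrigin must be a bare https origin');
  }
  // Assumption: Okta user ids are plain alphanumeric strings. Rejecting
  // everything else keeps "..", "/" or "?" from altering the request path.
  if (typeof oktaUserId !== 'string' || !/^[A-Za-z0-9]+$/.test(oktaUserId)) {
    throw new Error('oktaUserId must be alphanumeric');
  }
  if (typeof apiToken !== 'string' || apiToken.length === 0) {
    throw new Error('apiToken is required');
  }
  return {
    url: `${origin.origin}/api/v1/users/${oktaUserId}/sessions`,
    options: {
      method: 'DELETE',
      headers: { Accept: 'application/json', Authorization: `SSWS ${apiToken}` },
    },
  };
}

// Map the HTTP status to an outcome the caller can log and act on.
function interpretStatus(status) {
  if (status === 204) return 'cleared';            // sessions removed
  if (status === 404) return 'user-not-found';
  if (status === 401 || status === 403) return 'token-rejected';
  if (status === 429) return 'rate-limited';       // retry later
  return 'unexpected';
}

// fetchImpl is injectable so the call can be exercised without a network.
async function clearOktaSessions(oktaOrigin, oktaUserId, apiToken, fetchImpl = fetch) {
  const { url, options } = buildClearSessionsRequest(oktaOrigin, oktaUserId, apiToken);
  const res = await fetchImpl(url, options);
  return { outcome: interpretStatus(res.status), status: res.status };
}
```

Because the token stays server-side, the browser only calls the backend endpoint with its Cognito token, and the backend decides which Okta user that token maps to.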