First, in your Okta account, create a new Application. Go to Applications, and click 'Add Application'
Then click 'Create New App'
As the application integration type, select OpenID Connect.
Name the application, and in the field Login redirect URI's, put your authorization domain /cdn-cgi/access/callback. Click Save.
Then Okta will show you your completed Application.
Scroll down to the OpenID Connect Token section and click Edit.
In the groups claim field, switch 'Starts With' to 'Regex' and set it equal to .*
Now scroll down to copy your Client ID and Client Secret from the Okta dashboard and then paste them into the Cloudflare dashboard.
In the Okta dashboard, click on Assignments for the Application.
Then assign to the group 'Everyone'. (You will lock down access in the Cloudflare Access dashboard)
Now go to the Cloudflare dashboard and specify which Okta groups and users should be allowed or denied access.