You might find this post on using OKTA with Z2JH useful:
If I understand correctly OKTA uses OAuth, so you should only have to log in once and when another app authenticates you it should redirect you to the OKTA server, which will see that you’ve previously logged in through the same browser session to your flask app.