Authentication error message in Okta login page

I got my Okta login page in my application using the authorize endpoint.

When there is no user present in Okta, an error message displays on the page as expected.
When the user exists in Okta, but the user does not belong to the right group, then no error message is shown on the page. It's navigating to my application's servlet doFilter method with an error in the servlet request.

Now 2 questions.

  1. Will there be any session in Okta for this user? If so, how do I kill it?
  2. Is there any way that I can restrict them in the Okta login page itself?

Please shed some light on these.