We talking about ID tokens or Access tokens? Your ID tokens should contain a sub claim matching the user’s ID in Okta, and an access token should contain a sub claim matching the users email address.
We don’t really offer a way to configure the sub claim, outside of the one returned in an Access Token issued by a custom Authorization Server, so is it possible for your system to check a different claim instead?