Hello,
Okta does not set CORS headers for the SAML embedded application links and requires a browser user-agent redirect.
Browsers block calls if the pre-flight fails, Postman does not have this restriction
1 Like