Do you have any Routing Rules enabled for your org/app that would route a user to an external IdP based on their username/user attributes?
With Routing Rules enabled, Okta first requests the username so it can determine if the user has a password in Okta or not. If they’re Okta users, the password input will be displayed on the next page, while external users will be redirected to their IdP.
Hey, I don’t think I have any external IdP enabled. Okta is the source of truth for the user auth.
Edit: Moreover, this seems to work if I input any dummy id which is not part of okta users. It will let me enter the incorrect user name, then on the next screen, password as well. But then trying to signin will fail as expected.