Which is a / are best-practice(s) in a SAML 2.0 situation?
Solution: To never enable SAML for all your end-users
Whenever you make an API call, you will then get back:
Solution: A new object (a user, group or app object)
Which port and which of the: 'http' or SSL enabled connections does Okta recommend?
Solution: Port 443 and SSL enabled connections