...
To configure the Single sign out, issue a certificate used to sign the logout request issued by the SP application, then upload it to okta in the Signing Certificate section. Next, using the Config tool, set the SAMLLogoutX509CertificatePath and SAMLLogoutX509CertificatePrivateKeyPassword to the certificate that is issued by the SP.
Assuming that you have users already setup with the correct NameID assigned, you should be set to go.