Sorry for the late reply, I got caught up by the Kibana 7.2 release.
But yes, I did test it with SAML and in my test the plugin behaved as expected.
Meaning - if there is an expiration set in the response from the Identity Provider (Okta in your case), this value is respected and after the expiration, the plugin logs you out and redirects back to the Identity Provider.
If there is no expiration set, the values in Kibana.yml are used.
So unfortunately at the moment there is no way to override the expiration from the Identity Provider.
I don’t really know Okta in detail, but hopefully they’ll let you edit the expiration settings?