Can you include / exclude users from specific Network Zones defined in Okta from both Sign On and Password policies?
Solution: You can do this with both policy types mentioned

In an SP-initiated SAML 2.0 flow, the SP will never redirect to Okta if the session is already active Solution: It might be seamless for the user, but the redirect is happening

If you want to remove an attribute's value in Okta, for example a value coming from AD that is not useful in any way, you have to:
Solution: Intentionally map a blank value to that specific attribute in the user profile

What does SCIM stand for?
Solution: System of Cross-scripting-domain Identity Management

As an Okta admin, when you implement IWA, you have to know how to successfully test it to see if it's working. For this you:
Solution: Paste into a browser configured for DSSO the IWA redirect URL along with '/authenticated.aspx' after it, hit 'Enter' and check the message returned