Vault Okta MFA not finding users

I love vaults secret management engines and have used them to great success. I’m attempting to use their new native Okta and Okta MFA authentication integrations. Okta Authentication itself works fine and is provisioned with a read only admin API key.

Using their documentation I assume the issue is somewhere with the username_format but I can’t quite pin it down. I am using their “{{}}” (domain subsituted) default. Perhaps there is some mapping in the internal entities that I don’t understand that needs to be edited. Any help or advice is appreciated.
Vault MFA is responding with the below error (provisioned with the same Okta read only admin). Used this documentation

Code: 403. Errors:

  • failed to satisfy enforcement okta_mfa. error: 2 errors occurred:
    * no value could be found for one of the template directives
    * no users found for e-mail address:

    “response”: {
    “mount_type”: “system”,
    “mount_accessor”: “system_1199a515”,
    “data”: {
    “error”: “”
    “error”: “permission denied”