If the session with Okta has expired for whatever reason, the user will be able to login in ONCE using a one-time token to get a new session cookie.
The Okta Developer Guide describes this process in detail. In general, if a user has authenticated with a SAML IdP (e.g., Okta), still has a valid session and the Service Provider (i.e., Google) has been configured to redirect sign-on requests, then Okta can generate a SAML response, pass it to Google and the user will gain access to the protected resource (i.e., Google App) without being challenged to login again regardless of whether the browser is restarted.
The first one deals with Identity Providers (IdP) like Okta and the way this works depends on several configuration settings and other factors.
