SAML SLO specifies that the initiator send a SAML logout request to the other party which in turn returns a SAML logout response. This is how SLO works as per the SAML specification.
The IdP is responsible for sending a SAML logout request to all the SPs. This does make sense and is part of the SAML specification.
The following is an example IdP-initiated SLO flow involving multiple SPs.
1. IdP sends a SAML logout request to SP #1.
2. SP #1 sends a SAML logout response to IdP.
3. IdP sends a SAML logout request to SP #2.
4. SP #2 sends a SAML logout response to IdP.
5. This sequence repeats for each SP.
Having said that, in our experience Okta only supports SP-initiated SLO. It doesn't send a SAML logout request for IdP-initiated SLO. Instead, the user is simply logged out from Okta.
I would like to know how other vendors achieve SLO without being sent a SAML logout request. It doesn't really make sense and wouldn't be SAML logout in that case. Perhaps they can provide some more details. I'd be interested to hear what they suggest.
If SAML SLO isn't used, I'm not sure what alternatives there are other than for the user to close the browser.
The automatic login you described sounds like IdP-initiated SSO. The user starts at the IdP and SSOs to your SP. In Okta, this is either initiated by the user clicking your SP application icon or by navigating to a link. There usually is some user input to select the SP they wish to navigate to. The user won't have to enter their credentials a second time.
In case it helps, you'll find our Okta integration guide at: https://www.componentspace.com/Forums/8259/Okta-Integration-Guide
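
The IdP-initiated SLO sequence in steps 1 to 5 above, simulated in memory as an added example (not part of the original post, and not ComponentSpace or Okta code). The entity IDs, session indexes and function names are constructed for illustration; messages are unsigned and no HTTP binding is used, so signature validation and transport are outside what it shows.

```python
import uuid
import xml.etree.ElementTree as ET

P = "{urn:oasis:names:tc:SAML:2.0:protocol}"
A = "{urn:oasis:names:tc:SAML:2.0:assertion}"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

def _message(tag, issuer, destination, **attrs):
    # Common envelope; IssueInstant is a constructed fixed value.
    el = ET.Element(P + tag, ID="_" + uuid.uuid4().hex, Version="2.0",
                    IssueInstant="2024-01-01T00:00:00Z", Destination=destination, **attrs)
    ET.SubElement(el, A + "Issuer").text = issuer
    return el

def logout_request(idp, sp, name_id, session_index):
    req = _message("LogoutRequest", idp, sp)
    ET.SubElement(req, A + "NameID").text = name_id
    ET.SubElement(req, P + "SessionIndex").text = session_index
    return ET.tostring(req, encoding="unicode")

def sp_handle_logout(sp, sessions, request_xml):
    # SP side: end the local session named in the request, then answer the IdP.
    req = ET.fromstring(request_xml)
    key = (req.findtext(A + "NameID"), req.findtext(P + "SessionIndex"))
    ended = sessions.pop(key, None) is not None
    resp = _message("LogoutResponse", sp, req.findtext(A + "Issuer"), InResponseTo=req.get("ID"))
    status = ET.SubElement(resp, P + "Status")
    ET.SubElement(status, P + "StatusCode", Value=STATUS + ("Success" if ended else "Requester"))
    return ET.tostring(resp, encoding="unicode")

def idp_initiated_slo(idp, name_id, participants):
    # IdP side: one request/response pair per SP, in sequence. A response counts only
    # if it answers this request, comes from the expected SP and reports Success.
    results = {}
    for sp, session_index, send in participants:
        request_xml = logout_request(idp, sp, name_id, session_index)
        resp = ET.fromstring(send(request_xml))
        code = resp.find(P + "Status/" + P + "StatusCode").get("Value")
        matched = resp.get("InResponseTo") == ET.fromstring(request_xml).get("ID")
        results[sp] = matched and resp.findtext(A + "Issuer") == sp and code == STATUS + "Success"
    return results

def demo():
    # Constructed entity IDs and sessions; sp2 holds no session for this user.
    idp, user = "https://idp.example.test", "alice@example.test"
    sp1, sp2 = "https://sp1.example.test", "https://sp2.example.test"
    store1, store2 = {(user, "s-1"): "active"}, {}
    return idp_initiated_slo(idp, user, [
        (sp1, "s-1", lambda x: sp_handle_logout(sp1, store1, x)),
        (sp2, "s-2", lambda x: sp_handle_logout(sp2, store2, x))]), store1
```

When the IdP never sends the logout request, as described for Okta above, `sp_handle_logout` is never reached and the SP's local session stays active.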