Ran into the same issue with one of my customers. We found that removing the file "custom.xml" located in default/data/ui/nav in the Okta add-on fixed the issue, and still let us use the search-time parsing in ES for Okta events. I'm not sure why custom.xml is there, since it is identical to default.xml in the same directory.
So, the actual problem was that the Okta TA was automatically getting "included" into the ES app, so the nav and views defined in that TA were 'a part of' the ES app. See https://docs.splunk.com/Documentation/ES/5.2.2/Install/ImportCustomApps for information on this feature of ES. By default, any app that starts with "TA-" (and others) is automatically "imported" into the ES app. Since the Okta add-on starts with "TA-" (the name is "TA-Okta_Identity_Cloud_for_Splunk"), it was getting imported and visible in ES, causing the nav issues (and other pages to show up).
1. In the ES app, navigate to "Configure | General | App Imports Update".
2. Click on the "update_es" item to edit it.
3. Add "|TA-Okta_Identity_Cloud_for_Splunk" to the "Application Exclusion Regular Expression" field.
4. Save your changes.
5. Restart Splunk.