Had some pretty negative experiences with pricing/"enterprise" sales tactics by Okta (which now owns Auth0, and they used the same tactics on both products). I will take AWS pricing shenanigans over that any day.
Given the choice between a crummy API and being driven bankrupt by a SaaS vendor, I prefer a crummy API. I suppose your calculus might look different if you have a lot of money or an employer with great negotiating leverage.
Okta has been plagued by security issues [1], never heard of Ping Identity, Azure only makes sense if you get a sweetheart deal and are willing to deal with Azure's crap, and I'd never recommend anyone to use anything Google any more.
Ping is one of the oldest players in the business, they were founded in 2002 and had one of the earliest identity PaaS in the market (at least as far back as 2012). Haven't used their products much though.
okta is not "active-active" in a multi-region sense, they run in a single active AWS single Region per-tenant. You can pay extra to have a faster failover in a region level failure scenario:
Almost every other SaaS vendor supports multi-region active-active and Cognito does not.