Huge kudos to Ron on the support desk.
So still not entirely sure of all issues (one was Brave browser related, doubtless others were idiot user [me] related) - also had set up using an older video link.
But in relation to the password question I raised earlier, Ron put me on to a much more secure login workflow:
1. Assign Temp Password to user matching SSO Profile Email (does nothing if no match)
2. Sign up (if … count is 0) using result of step 1 as password
3. Log user in using result of step 1 as password