Is user information persisted in Zero trust?

Suppose I have users using Okta to sign into CF Access. Okta sends an OIDC claim (or SAML assertion) to CF. Once that is verified, is that information persisted by CF that can be accessed via API?

Yes.

https://developers.cloudflare.com/cloudflare-one/identity/users/validating-json/