Perhaps revisit the Okta provisioning process? Lack of an email address is going to prevent the user from getting an email that could not be sent because the email box didn't exist yet but LastPass had been created. You'd have to see if you could make an API call against LastPass to re-send an invite (I have not tried that) to a specific user.
I would consider using group provisioning from Okta, only provision over users who have received their email address assignment from Google, and use Okta Workflows to automate some of this, assuming your AD team (if that's your master identity) is putting users in the correct group you have used for SCIM. If it's Okta, then you can control user membership via Workflows or other means.