Client SSO for SaaS application

My company develops and offers an SaaS application. The application has its own user repository and authentication/authorization regime. Recently we have had clients request an SSO solution into our application. We have experimented with Ping one and initiated a working prototype with the following (high level) architecture.

I’m trying to find documentation/examples of how we might look at a similar implementation using Okta?

Here’s Okta’s OIDC documentation