Creating SSO implementation for external Okta organizations

Hi,

We have a request from one of our customers to implement Okta SSO for our product. When diving into this I find myself with several questions I hope some of you can answer.

What is the best way to set up Okta SSO for external organizations? At present I’ve created an application and am planning to submit this to the OIN.

Can I use the idp in id_token to distinguish between organizations/idp? Since Okta usernames (emails) aren’t global, we need a way to authenticate the user to both organization and username on our backend. An Okta organization should be associated with a local organization.

Does the customer need to set up anything other than their IdP in our system? I see in the OIN submission form there are requirements for documenting setup - is it as easy as providing their IdP?

Thanks in advance, Kristian