Does Okta support cross-org/domain management?

I want to check with the team whether Okta supports the scenario below:

  1. Both orgA (orgA.okta.com) and orgB (orgB.okta.com) are Okta customers.
  2. B is A’s customer. A has an app in the Okta App Catalog, like Salesforce, Autodesk, Cisco Webex, that supports synchronizing B’s users/groups in Okta to orgA via the SCIM protocol.

As far as I know, the orgB admin can manually
create a SCIM app,
or create an OAuth client and share the client ID/secret, or provide an API key to other services. Others can then create a SCIM app and assign users/groups to the app if the scopes are granted.

But what I want is:
Precondition: no SCIM app, OAuth client or API key is configured in orgB.
3. B authorizes A to manage its apps, users…, e.g.
3.1 A opens Okta’s authorization page, requesting some privileges like app management
3.2 The orgB admin inputs the username and password in the page
3.3 The orgB admin confirms the authorization
4. A is authorized by B
5. A can create an OAuth client and a SCIM app under orgB (orgB.okta.com), so the orgB admin doesn’t need to do these things manually.

Is it supported?

It sounds like what you are describing is pretty close to OAuth for Okta,

The scenario in the doc is that B creates the OAuth client and shares the client with A manually.
But what I want is for A to create the client for B automatically after being authorized by B.
The authorization process is like I described:
3.1 A opens Okta’s authorization page, requesting some privileges like app management
3.2 The orgB admin inputs the username and password in the page
3.3 The orgB admin confirms the authorization

OrgA gets an access token with OAuth and accesses orgB’s resources.
Normal case (already supported):
The orgA page or service sends the request
GET https://{orgB_domain}/oauth2/v1/authorize?client_id=client_provided_by_B&scope=…

POST https://{orgB_domain}/oauth2/v1/token with the above client after the orgB admin inputs the username & password in the page

Expected:
The orgA page or service sends the request with A’s client ID
GET https://{orgB_domain}/oauth2/v1/authorize?client_id=client_from_A&scope=…
The orgB admin inputs the username & password and confirms the authorization
Then orgA sends the request
POST https://{orgB_domain}/oauth2/v1/token with client_id=client_from_A

Basically, A accesses B’s resources using A’s own client after B has authorized A’s client.
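
The "normal case" exchange from the thread, sketched as an added example that is not part of any post above: it builds the authorize request for a client registered in orgB and, on callback, checks `state` before preparing the token request. The function names, redirect URI, the `okta.apps.manage` scope choice and the use of PKCE are assumptions made for illustration; nothing is sent over the network.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

def pkce_challenge(verifier):
    # S256 challenge: base64url(SHA-256(verifier)) without padding (RFC 7636)
    digest = hashlib.sha256(verifier.encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def build_authorize_url(org_domain, client_id, redirect_uri, scopes):
    """Return (url, session); session stays server-side on orgA's service."""
    session = {"state": secrets.token_urlsafe(16),
               "code_verifier": secrets.token_urlsafe(48)}
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "scope": " ".join(scopes),
        "redirect_uri": redirect_uri,
        "state": session["state"],
        "code_challenge": pkce_challenge(session["code_verifier"]),
        "code_challenge_method": "S256",
    })
    return f"https://{org_domain}/oauth2/v1/authorize?{query}", session

def build_token_request(org_domain, client_id, redirect_uri, session, callback_url):
    """Validate the redirect back from orgB, then return (token_url, form)."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned_state = params.get("state", [""])[0]
    # Reject callbacks that were not started by this session (CSRF / code injection)
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri, "client_id": client_id,
            "code_verifier": session["code_verifier"]}
    return f"https://{org_domain}/oauth2/v1/token", form

if __name__ == "__main__":
    # Constructed sample values; the client ID placeholder is the one used in the thread
    url, sess = build_authorize_url("orgB.okta.com", "client_provided_by_B",
                                    "https://orga.example/callback", ["okta.apps.manage"])
    print(url)
```
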