Multi-tenant SSO

We are a software vendor with multiple clients with large user bases, some of whom are already running their internal authentication through Okta. We have been asked to implement SSO into our current system.
What would be the best solution based on the following requirements?

The requirements are:

  1. Allow the clients to “Import” their users from Okta to our system.
  2. Be able to differentiate between what tenant the user belongs to when they attempt to login.
  3. If the user is from a client that is using Okta, redirect them to Okta for authentication.

Not all of our clients are using a service like Okta for authentication, so we still need to maintain our email/password system.