Oidc IdP best practice

Does your other okta tenant (the one being used as an IdP) have a custom url domain?

This mismatch may be caused by the token (issued by the Okta org serving as an external IdP) containing an issuer that doesn’t match the one you provided when you set up the idp. You’ll want to make sure that the authorization server/app is configured to use the domain you are trying to use in your idp configuration, see Update other Okta settings | Okta Developer.