SSO with external IDP


I have an application and I use Okta as the IdP. My customers/partners used to create users for their people in my system in order to use it. My partner’s IdP doesn’t have SAML 2.0 capability.

We want to embed my application into their platform with an iframe, so when their users log in to their platform we should be able to SSO their users into my application without asking for credentials again… and have the experience of using the surrounding web page and the iframe be seamless.

So my idea is, when my app loads… if there isn’t any Okta session, look for an external session / access_token, validate this external access_token, and exchange it for one from Okta.

So is there some documentation for this kind of exchange?
I know Okta has APIs to create JWTs for the caller. I can request a token for me using my own credentials. Does Okta have an API for creating a JWT for another user?

Or is there a different way to do it?