Third-part SAAS authorization check after Okta SSO?

Looking for options in creating an integration for our organization that checks with a third-party API after authenticating users with Okta. Depending on the response from the third-party we need to redirect to them, or just continue on to the service the users were logging into. (in this case the third-party api is also us, but separate internal tools)

It seems something like adding a Sign-On Policy to an Application that checked with either an additional IDP would work. Or adding additional custom claim then routing based on that claim.

Ideas would be helpful.