User isolation and initiated SSO for multi-tenant web application

The application which we are building supports multi-tenancy. We have 2 types of users. The first is the organisation head/admin, who would register the organisation. The second type of user is the organisation employee, who will be invited by the admin user to join our application. We want to isolate users based on organisation and also want to provide initiated sign up/in for employee users.

Question: Is it possible to achieve isolation based on tenant in the same application? If so, how can it be achieved?

Question: Is it possible to achieve tenant-specific initiated sign up/in? If so, how can it be achieved?

I recommend looking at the app Org2Org. It allows you to sign in to a tenant through another tenant by assigning it as profile master, therefore separating the orgs but also allowing users to sign in via both orgs.