We are building out an OIDC SSO integration with another business where we will be the IDP. We’re a B2B company so it’s actually us SSOing people on behalf of multiple clients, into this other third party.
The problem we will have is clients (their customer accounts specifically) can theoretically have ID collisions as we treat each client as their own instance. From what I understand, within our OIDC request, we would have one client id and callback URL regardless of whether we’re trying to SSO a customer in who is a customer of client a or client b.
Any suggestions on how to handle this? My thoughts are the party we are integrating with either has to have a unique url for us to hit per client, which we would then handle in a config, or we have to send a custom claim like client_id that is basically, this is client a.
I don’t think any of the standard claims are meant for this, but I could be interpreting it wrong. Just wondering if anyone has been through this and what they ended up doing.