Auth0 B2B architecture and questions

We are using auth0 as our B2B user management tool in a multitenancy SaaS application,
for each tenant we have an organization on auth0 and a specific connection(of type auth0)
and we create each user for a specific tenant on its own connection.
We are using Cloud front reverse proxy according to auth0 docs to hide our user management tool (which is auth0).
in order to do so, we are adding behaviors in CloudFront so when he gets a /u/login, it needs to set origin to auth0 and when he gets a /authorize it needs to set origin to auth0.

is this a legit way of handling it? are we missing something? will those 2 endpoints are subject to change or they are going to be permanent so our architecture wont break?

Thanks in advance!

we tried to use the SAML authentication path but we noticed we cant use org_id there and we must use the “prompt organization” screen, is there any way to send org_id with the SAMLRequest so we wont have to ask our costumers to enter their organization id?