Authenticate by saml for some users

Thank you Marcelina for the detailed and informative response.
Using Enterprise and Organization features means we’ll need to upgrade our subscription and pay significantly more. We’re trying to avoid it for now.
I did find in the links you sent the [Authentication (B2B)](HRD through Universal Login using the Identifier to Realm Map) option. This option is also mentioned here Identifier first Universal Login for SAML users without HRD - #2 by shunsuke.tsutsui
This seems like the best option at the moment.
Can you please explain how i can implement this (already configured Universal Login to Identifier First Authentication):

  1. Regarding the endpoint that gets an email and returns a connection - what is the exact configuration of the endpoint (HTTP method, query params, body and return value)
  2. Where do i set the endpoint, so the Universal Login will call it after the email is entered by the user.
  3. I didn’t understand if the Universal Login handles the endpoint response. Should I do something in my app (i’m using @auth0/auth0-spa-js package and not calling authorize directly)