Is it possible to have separate certifications for companies that use the organization and companies that do not use the organization?

We are developing a B2B product and so far we have created one Database Connection with one tenant and managed all users with email address and password authentication.
However, some companies need to use MFA or SSO, so we are thinking of using the organization feature.
We have made the following new settings.

  1. For some of the companies, we have prepared an organization and added users to the members.
  2. We created a new Single Page Web Application to provide a separate form to display the Organization Prompt, while keeping the existing login form, and configured it to be accessed as a member of the organization.
  3. The Database Connection used by the organization was enabled to use an existing one.
  4. We have switched the Auth0 clientId used by our SinglePageApplication to that of the application for the organization if the URL contains a specific query parameter.

As a result, when we used the new application above in our React app, it worked fine up to the point where the organization prompt was displayed and we could log in with our email address and password after entering them.
However, the following two problems occur.

  1. When a query parameter for authentication is attached to the URL immediately after login, the isAuthenticated value returned from React’s useAuth0 becomes true. However, it immediately redirects to the URL without the query parameter and returns to the login form because isAuthenticated is set to false.
  2. It is possible to log in using the login form of an existing application without an organization prompt, but this should be rejected.

Can you please tell me how to solve the above problem or any other best practices?
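
Added example (not part of the original post, and not the poster's or Auth0's own code): one way to enforce the rule in problem 2, rejecting a login that did not go through an organization for accounts that must use the organization flow, written in the shape of a post-login Action. The `require_organization` flag in `app_metadata`, the deny message and the sample events are assumptions constructed for illustration.

```javascript
// Added example: post-login check in the style of an Auth0 Action.
// ASSUMPTION: users of companies that must log in through an organization
// carry app_metadata.require_organization = true (hypothetical flag).

// Pure decision function so the rule can be exercised without Auth0.
function decideLogin(event) {
  const meta = (event.user && event.user.app_metadata) || {};
  const mustUseOrg = meta.require_organization === true;
  // event.organization is only present when the login went through an organization.
  const viaOrg = Boolean(event.organization && event.organization.id);
  if (mustUseOrg && !viaOrg) {
    return { allow: false, reason: 'Organization login is required for this account.' };
  }
  return { allow: true, reason: null };
}

// Action entry point: deny the transaction when the rule fails.
const onExecutePostLogin = async (event, api) => {
  const decision = decideLogin(event);
  if (!decision.allow) {
    api.access.deny(decision.reason);
  }
};
// In an Action the handler is exported; the guard keeps this file runnable anywhere.
if (typeof exports !== 'undefined') exports.onExecutePostLogin = onExecutePostLogin;

// Constructed sample events (not real Auth0 output).
const sampleEvents = {
  // Company that keeps using the existing login form.
  legacyUser: { user: { app_metadata: {} } },
  // Organization member who came through the organization prompt.
  orgUserViaOrg: {
    user: { app_metadata: { require_organization: true } },
    organization: { id: 'org_EXAMPLE' },
  },
  // Organization member who used the existing form: this is the case to reject.
  orgUserViaLegacyForm: { user: { app_metadata: { require_organization: true } } },
};
```

Because both applications share one Database Connection, the check has to run on the server side of the login rather than in the React app, which only chooses which clientId to send.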