Hey there @authenticated!
Unfortunately the documentation is lacking a bit, but I believe the easiest way to think about this is to think of strategies as providers - That is auth0 , google-oauth2, facebook, etc. In the context of a domain level connection, it looks as though only 1 connection of each strategy is allowed. You are allowed to have multiple tenant level connections of the same strategy.
Just adding the following for context on tenant level vs. domain level connections:
Hope this helps to clarify!