Hi there,
Thank you for reaching out to us!
Reading through your message, I wanted to provide some information here in case it can help others as well. The exact flow that you described cannot be accomplished due to the way Social Logins work, which does persist even if you wish to set this up through Organizations. Even though Social Logins can be added to Organizations, you cannot enable/disable Signup as you can with Database Connections.
As a workaround, you can utilize a Post-Login Action to deny user access based on their email domain. This way, users can sign up as usual, but can be denied access afterwards ( it is unavoidable that they create an account for the Post-Login Action to work).
Another option could have been to use a Pre-User Registration Action, but it only works for Database and Passwordless Connections.
Hope this helped!
Gerald