Thanks much for the feedback. The problem was that populating the organization id with the login was not working as expected, largely because the actual url is not the one we display in the app. When I had the parameter configured correctly, it worked as expected.
As I understand, the first time a user connects these actions trigger: pre-user-reg → post-user-reg → (login-flow) → post-login.
The pre-registration action references event.client, but does not provide insight to org. The only options for metadata are client and user, and request doesn’t contain additional info either. Client is application in this parlance, so I am not sure how to pass the organizational context upon connection.
In our use case, we are trying to configure an Okta tile that will identify the application and the appropriate org for the user’s context. The goal is that the user store for each org would potentially need to be different, and I need an additional connection variable to my APIs available during this flow (I’ve been storing it in org metadata, as multiple orgs can use the same app, but their related permissions would be different in our APIs). What is the best practice for this use case?