To implement SSO for external users that are not part of your main identity provider, consider these options:

1. Federation: Establish a trust relationship between your identity provider (like Azure AD) and the external organization's identity provider. This allows external users to log in using their existing credentials.

2. Identity Brokering: Use a service that acts as an intermediary to authenticate users across different identity systems. This is useful if external users come from multiple organizations with different identity solutions.

3. Guest Accounts: Create guest accounts within your identity provider that external users can use to access your system.

For each method, ensure you maintain security standards, such as using OAuth2.0 or OpenID Connect for secure authentication flows.

Thank you so much for this insightful information Thierry! :)