General oidc login instead of specific provider

So I understand, and have implemented the whole oidc login with provider scenario. However, someone asked a question that I couldn’t answer

As an example, allows you to connect Azure AD and login using that

But - this is where my brain fries - this is an online SaaS app where they have potentially thousands of different customers, each with their own AD provider

So when I login with Cloudsmith, my “Login with Azure” disalog from MS appears, and I log in. How does cloudsmith then know which AD provider to use to authenticate / validate

Would it be possible to use this workflow with vault and some scripting ?

Or would it be possible to extract the authenticated jwt from the oidc login and pass that to vault ?