I've posted the same question here.

I need to develop a internal-use website for multiple Google workspace tenants, which I have administrative authorizations.

The problems is Sign in with Google feature does not offer authorizaitons for multiple google workspaces for internal.

Is this possible to implement a website for internal-use and only allow specific, multiple Google workspaces?

Those Google workspaces are all separated. For the internal feature, I am planing to use the AWS's ACL.

Based on my research, it looks like Google provides an authentication mechanism for managing-multiple-organizasions under a primary organization, which I have never used.

Or, do I have to use 3rd party identity provider, which I am not sure if such exists?

I am not even sure if I should think of this website as a multi-tenant website, since multiple Google workspaces tenants means there are multiple IdPs.

I really appreciate if anyone can guide me to go on a right path (which approach I should take).