Is B2B IDP-Initiated SSO supported with SAML signature verification?

J Bjurstrom 5 Reputation points
2023-08-11T20:12:00.4666667+00:00

I'm evaluating MS Entra ID as an Auth Service Provider for an app we recently ported into Azure. Our clients currently use IDP-Initiated SSO to authenticate their users with our application. The flow today is: a user authenticates within our client's portal. The user navigates to our app from the client's portal. The client portal posts a signed SAML response to our app, where we identify the client/tenant and use their configured public key to verify the SAML signature. Finally, we verify the SAML assertions and provision the user with the specified role.

We are looking to implement a similar flow using an Auth Provider (Entra ID), where our clients can post their SAML to Entra, where the SAML is verified and the user is provisioned. Entra would then redirect to our application. The idea is to provide a seamless transition from our clients' portal into our application, as well as minimizing the changes the client would need to make. Can Entra support a flow like this? We have hundreds of tenants/clients, and each one would have a unique public key used to verify their SAML Responses. My best guess is we would create an AD for each of our tenants/clients. Each AD would contain users for that tenant. Within the AD we would configure access to our application and set up the necessary certs to verify incoming SAML. If this is the case, would each client have a unique endpoint for their AD, where they POST their SAML response to?
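The question describes the service-provider side of an IdP-initiated flow: identify the tenant from the POSTed response, look up that tenant's registered key, verify the signature, then check the assertion before provisioning. The Go program below is an added example of that check order (it is not code from the question or from Microsoft). It uses a detached RSA-PKCS1v15/SHA-256 signature over the serialized assertion bytes as a stand-in for SAML's enveloped XMLDSig, which needs XML canonicalization and is not implemented here; the issuer URLs, audience, tenant registry and assertion contents are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// Tenant is one client's SSO configuration, registered out of band: the
// signing key we trust for that client and the audience (our entity ID)
// that client's assertions must name. Keys never come from the message.
type Tenant struct {
	PubKey   *rsa.PublicKey
	Audience string
}

// Conditions carries the validity window and the audience restriction.
type Conditions struct {
	NotBefore    string `xml:"NotBefore,attr"`
	NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
	Audience     string `xml:"AudienceRestriction>Audience"`
}

// Assertion is a reduced SAML-like assertion (constructed; not the full schema).
type Assertion struct {
	XMLName    xml.Name   `xml:"Assertion"`
	ID         string     `xml:"ID,attr"`
	Issuer     string     `xml:"Issuer"`
	NameID     string     `xml:"Subject>NameID"`
	Conditions Conditions `xml:"Conditions"`
	Role       string     `xml:"AttributeStatement>Attribute>AttributeValue"`
}

// Response is what the client portal POSTs: the issuer it claims, the
// serialized assertion and a signature over those bytes (simplified XMLDSig).
type Response struct {
	Issuer    string
	Assertion []byte
	Signature []byte
}

// ReplayCache remembers accepted assertion IDs until their window expires.
type ReplayCache map[string]time.Time

// SeenOrRecord reports true if id was already accepted inside its window;
// otherwise it records id. Expired entries are pruned on each call.
func (c ReplayCache) SeenOrRecord(id string, expires, now time.Time) bool {
	for k, exp := range c {
		if !now.Before(exp) {
			delete(c, k)
		}
	}
	if _, dup := c[id]; dup {
		return true
	}
	c[id] = expires
	return false
}

const clockSkew = 2 * time.Minute // tolerance for IdP/SP clock drift

// VerifyResponse: find the tenant from the claimed issuer, verify with that
// tenant's registered key, and only then trust the assertion's contents.
func VerifyResponse(reg map[string]*Tenant, resp Response, now time.Time, cache ReplayCache) (*Assertion, error) {
	tenant, ok := reg[resp.Issuer]
	if !ok {
		return nil, errors.New("unknown issuer")
	}
	digest := sha256.Sum256(resp.Assertion)
	if err := rsa.VerifyPKCS1v15(tenant.PubKey, crypto.SHA256, digest[:], resp.Signature); err != nil {
		return nil, errors.New("signature does not verify with the tenant's registered key")
	}
	var a Assertion
	if err := xml.Unmarshal(resp.Assertion, &a); err != nil {
		return nil, fmt.Errorf("malformed assertion: %w", err)
	}
	// The issuer inside the signed bytes must match the key that verified,
	// so one tenant cannot relay another tenant's assertion under its own key.
	if a.Issuer != resp.Issuer {
		return nil, errors.New("assertion issuer does not match response issuer")
	}
	if a.Conditions.Audience != tenant.Audience {
		return nil, errors.New("assertion not intended for this application")
	}
	nb, err1 := time.Parse(time.RFC3339, a.Conditions.NotBefore)
	noa, err2 := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter)
	if err1 != nil || err2 != nil {
		return nil, errors.New("assertion has no valid time window")
	}
	if now.Add(clockSkew).Before(nb) || !now.Before(noa.Add(clockSkew)) {
		return nil, errors.New("assertion outside its validity window")
	}
	// IdP-initiated flows carry no InResponseTo to bind to a request, so
	// replay protection rests on the assertion ID plus the validity window.
	if cache.SeenOrRecord(a.ID, noa.Add(clockSkew), now) {
		return nil, errors.New("assertion replayed")
	}
	return &a, nil
}

// SignResponse stands in for the client portal (IdP) so the example runs offline.
func SignResponse(priv *rsa.PrivateKey, a Assertion) (Response, error) {
	body, err := xml.Marshal(a)
	if err != nil {
		return Response{}, err
	}
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return Response{}, err
	}
	return Response{Issuer: a.Issuer, Assertion: body, Signature: sig}, nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed tenant key
	issuer := "https://idp.tenant-a.example/saml"
	reg := map[string]*Tenant{issuer: {PubKey: &key.PublicKey, Audience: "https://app.example/saml"}}
	now := time.Now().UTC()
	a := Assertion{ID: "_demo1", Issuer: issuer, NameID: "alice@tenant-a.example", Role: "Admin",
		Conditions: Conditions{NotBefore: now.Add(-time.Minute).Format(time.RFC3339),
			NotOnOrAfter: now.Add(5 * time.Minute).Format(time.RFC3339), Audience: "https://app.example/saml"}}
	resp, _ := SignResponse(key, a)
	cache := ReplayCache{}
	_, err := VerifyResponse(reg, resp, now, cache)
	fmt.Println("first POST:", err)
	_, err = VerifyResponse(reg, resp, now, cache)
	fmt.Println("same POST again:", err)
}
```

The registry keyed by issuer is the single-endpoint answer to the "unique endpoint per tenant" question at the application level: one ACS URL can serve every client as long as the key is selected from the tenant record named by the issuer, never from a certificate embedded in the response.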

Microsoft Entra ID