As per the document: How vCenter Server Identity Provider Federation Works, when using an Enhanced Linked Mode configuration with Okta, Microsoft Entra ID, or PingFederate, the vCenter Server that hosts the VMware Identity Services (VIDB) must be available to all other ELM nodes.

If the hosting vCenter is down or unreachable, federated logins to the other vCenters will fail.

VMware vCenter Server 8.x

As referenced in the document: How vCenter Server Identity Provider Federation Works, this is expected behavior and a known limitation of using ELM and VIDB hosted on vCenter.

Only one vCenter hosts the active VIDB container even when ELM is configured. If VIDB on it is not reachable, federation will not succeed on the other vCenters. The federated user authentication will redirect to the federated identity login page, but since this is an indirect federation, the provider redirects to the VIDB on the hosting vCenter. 

Options below are viable in mitigating the current scenarios:

• If temporary outage, continue logging in with local SSO (vsphere.local) users.
• Upgrade to VCF 9.0 and use VIDB appliance - Deployment Modes of the VCF Identity Broker
• Use vCenter HA - vCenter High Availability

For more information: vCenter Server Identity Provider Federation and Enhanced Linked Mode.