Update OWIN context after start-up for multi-tenancy to add/update/remove SSO authentication providers


I need the ability to add/update/remove auth providers in the OWIN context (IAppBuilder?) after startup, so clients can add/update SSO details and have them applied immediately without needing a restart, which would impact everyone.

The providers are set in (cut down version):

public class IdentityConfig
{
    //public DynamicProviderManager _dynamicProviderManager;

    public IAppBuilder _app;

    [Ninject.Inject]
    [Ninject.Named("IDocument")]
    public Services.Documents.IDocument document { set; get; }

    public void Configuration(IAppBuilder app)
    {
        // Create dictionary for creating each authentication type 
        Dictionary<string, Action<authenticationProviders>> authenticationHandlers = buildAuthenticationHandlersDictionary(app);           

        string tenant = ConfigurationManager.AppSettings["tenant"]?.ToString() ?? "";

        app.CreatePerOwinContext(() => new UsersContext(tenant));
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);           

        UsersContext usersContext = new UsersContext(tenant);
        AdministrationContext administrationContext = new AdministrationContext(tenant);

        // Get auth providers and filter based on current entity
        List<authenticationProviders> authenticationProviders = getProviders();     

        // Loop through the auth providers and using the dictionary to create the authentication for each 
        foreach (var i in authenticationProviders)
        {
            if (i.provider == null || !authenticationHandlers.ContainsKey(i.provider.ToUpper()))
            {
                continue;
            }

            authenticationHandlers[i.provider.ToUpper()].Invoke(i);
        }

        string sqlConnectionString = ConfigurationManager.ConnectionStrings["SignalRConnection"].ConnectionString;
        app.MapSignalR();

        //_dynamicProviderManager = new DynamicProviderManager(app, authenticationHandlers);
        _app = app;
    }
}

IdentityConfig is scoped as a singleton in NinjectWebCommon.cs RegisterServices():

kernel.Bind<IdentityConfig>().ToSelf().InSingletonScope();

I pass IdentityConfig to a controller class, but it is always a new IdentityConfig with _dynamicProviderManager or _app always being null, rather than the instance of it which ran at startup.

'System.Web.HttpContext.Current.GetOwinContext().Get();' also returns null.

Some places suggested a "Dynamic" ProviderManager, which I tried, but as the instance of IdentityConfig available in the controller isn't the same as the one that ran at startup, this resulted in null for _dynamicProviderManager.
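
Added example, not part of the original question and not the poster's or any library's own code: one way to make the providers replaceable after startup is to register a single middleware at startup that forwards to a branch pipeline which can be rebuilt later. `SwappableAuthPipeline`, `Attach`, `Rebuild` and `registerProviders` are hypothetical names. It assumes the OWIN host constructs the startup class itself rather than through the Ninject kernel, which is why the holder is a static rather than an injected `IdentityConfig`.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Owin;

using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;

// Hypothetical helper (not from the post): a process-wide holder, so controllers do not
// depend on which IdentityConfig instance the DI container hands them.
public sealed class SwappableAuthPipeline
{
    public static readonly SwappableAuthPipeline Instance = new SwappableAuthPipeline();

    private readonly object _gate = new object();
    private IAppBuilder _root;          // builder captured at startup
    private AppFunc _next;              // rest of the main pipeline (SignalR, MVC, ...)
    private volatile AppFunc _current;  // auth branch currently serving requests

    // Call once from Configuration(app), in place of the foreach over providers.
    public void Attach(IAppBuilder app, Action<IAppBuilder> registerProviders)
    {
        _root = app;
        app.Use(new Func<AppFunc, AppFunc>(next =>
        {
            _next = next;                  // runs when the host builds the main pipeline
            Rebuild(registerProviders);
            return env => _current(env);   // field is read on every request
        }));
    }

    // Call from an authorized admin action after SSO settings change.
    public void Rebuild(Action<IAppBuilder> registerProviders)
    {
        lock (_gate)
        {
            if (_next == null) throw new InvalidOperationException("Attach has not run yet.");
            IAppBuilder branch = _root.New();      // same host properties, empty pipeline
            registerProviders(branch);             // must register on 'branch', not on the root app
            branch.Run(ctx => _next(ctx.Environment));
            // Build fully before publishing: a bad provider config throws here and
            // the previous branch keeps serving requests.
            _current = (AppFunc)branch.Build(typeof(AppFunc));
        }
    }
}
```

`Rebuild` replaces the providers for every tenant served by the process, so the action that calls it should be restricted to administrators and logged. Sign-ins that are mid-redirect to a provider removed by a rebuild will fail when they return.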
