I think the best option would be to load the SMART app using the embedded browser. Then provide a link to the user to click or automatically trigger the API via onload to open a new browser on the user's computer. We have that API today to open a new window on the user's computer.
To achieve SSO, your would need to have a SMART App launching within the patient's context, which will provide you with the Patient ID, which can then be queried to retrieve MRN. MRN won't be passed as direct context.
Once the App is launched, you can use
APPLINK to redirect the user to your site.