Hi Gregor, Replied to list as well. La 25.07.2019 19:43, Gregor Tudan a scris: Yes, that is what I am proposing. In our application we thought about using scopes like: `account:123` . For the list if accounts there should be another API that will list all of the realms the current user has access to. I'm pretty sure the server side implementation should be simple. So the Admin WebApp  will probably need some work and be prepared like this: - use authenticates ( in a realm or in master ?! ) - Admin WebApp calls the list-accessible-realms API - Admin WebApp displays the list of accessible realms - User selects an account to manage - Admin WebApp gets a token for that realm and uses it for the calls You could look at it as two web applications: The realm selector and the realm manager. In this case the realm id (and the token to access it) is internal state for the realm manager application. Regards, Eugen