We originally took this route with Keycloak. The idea that Keycloak
could be a SAAS...But we decided that the best way to deploy Keycloak in
the cloud would be to create a cloud instance of Keycloak per
organization. In Red Hat OpenShift terms: Keycloak would be a
cartridge and the organization could opt to install it within their
cloud account.
The reason for this is to isolate one paying customer from a different
one. You probably don't want them sharing database instances, IP
addresses, etc.
If that is not possible, we can discuss other possibilities. Right now
though Realm is a completely isolated unit. Users belong to one realm
and one realm only.