Hi all, I'm contacting you to try to enlighten our conception worries. We'll be using the latest Keycloak version. Our users are linked to firms with different roles in each firm, basically founders and members. Potentially, there would be up to 100.000 firms registered (we hope so! :) ). We envisioned two solutions: - using groups: each firm is a group that includes a group for each roles, one of the group would be able to add users in the other groups (possible?) - using clients: each firm is a client that has its specific roles, only users with role "founder" can grant the client's roles to other users (possible?) At first we wanted to use Keycloak SPIs to manage that but we'll probably have to build our own back-office and use REST requests. Which option would suite our case best? Is there a limit for groups or clients in Keycloak? And how would you handle application based roles? or is it better for each application to handle them internally? Thanks, Thierry.