I have 2 different clients, one for managers, admins and owners in one client and just normal users, aka employees, in the other. Admins and managers can be employees; however, I would like them to be able to use their admin email with the employee app. How would I have different roles for the different clients with the same email and use the same database connection? My first thought is a rule to remove roles on the tokens if it was a certain clientid. Would this approach work or is there something better?
Just to make sure I understand, it sounds like you have 2 applications in which the same user could have a different role in each.
One option would be to make roles specific to each application, similar to the answer to this topic: Create same 'roles' in different applications
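A sketch of the rule idea from the question combined with per-application roles, added here as an example and not code from either poster or from Auth0: it uses the Auth0 Rules signature `function (user, context, callback)` and an allowlist per client, so an unknown client gets no roles. The client IDs, role names and claim namespace are constructed placeholders, and it assumes an admin who also works as an employee has the `employee` role assigned as well.

```javascript
// Added example. Client IDs, role names and the claim namespace below are
// constructed placeholders, not values from the thread.
const ROLE_ALLOWLIST = {
  MANAGEMENT_CLIENT_ID_PLACEHOLDER: ['owner', 'admin', 'manager'],
  EMPLOYEE_CLIENT_ID_PLACEHOLDER: ['employee'],
};
const ROLES_CLAIM = 'https://example.com/roles'; // hypothetical namespaced claim

// Rule body: keep only the roles that belong to the requesting application.
function scopeRolesToClient(user, context, callback) {
  const assigned = (context.authorization && context.authorization.roles) || [];
  // Allowlist instead of "remove roles for one client": a client that is not
  // listed ends up with an empty role set rather than every assigned role.
  const allowed = Object.prototype.hasOwnProperty.call(ROLE_ALLOWLIST, context.clientID)
    ? ROLE_ALLOWLIST[context.clientID]
    : [];
  const effective = assigned.filter((role) => allowed.includes(role));

  context.idToken = context.idToken || {};
  context.accessToken = context.accessToken || {};
  context.idToken[ROLES_CLAIM] = effective;
  context.accessToken[ROLES_CLAIM] = effective;
  return callback(null, user, context);
}

// Local harness with a constructed login context; returns the roles claim
// that would be placed on the access token for that client.
function simulateLogin(clientID, roles) {
  const context = { clientID, authorization: { roles }, idToken: {}, accessToken: {} };
  let claim = null;
  scopeRolesToClient({ email: 'admin@example.com' }, context, (err, u, ctx) => {
    if (err) throw err;
    claim = ctx.accessToken[ROLES_CLAIM];
  });
  return claim;
}
```

Both applications should read roles only from this claim, so the same account presents different privileges depending on which client requested the token.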