Ah, I see now. I’m not referring to Auth0 Tenants - we have (and are) a single Auth0 Tenant. My application itself is multi-tenant internally. So, each customer (business) has their own “protected” space even though it’s all running within the same application.
Often with SaaS products this is done with a unique subdomain per customer (i.e. cust.yourdomain.com) but our application is served from a single domain. Since Users are onboarded to a single Auth0 Tenant, I then need a way to know which user(s) go with which Tenant(s) on my side. Hence, our Role naming scheme of TENANT.role_name.
I’m not sure there’s a great way to handle what we’re doing at the moment, but we have seems to work okay. I’m just concerned about the longer-term growth of the number of Roles/Permissions.