Different organizations Login with Microsoft

Dear fellow devs,

We’re currently creating a SaaS for bigger companies, mainly focussed on companies that use the MS AAD. We would like our app to be displayed on different subdomains, for example:

We managed to connect our own test tenant to the Auth0 tenant, so we’re able to log in to our app by using our MS AAD.

We were wondering what the tenant setup would look like within Auth0 (and MS AAD) if we would want to enable logins per company and per domain. Meaning, the users from company1.oursaas.com can only log in over that specific URL and won’t be allowed to log in over another company’s URL.
It seems like the most used solution would be that users should be able to log in over their company’s own MS AAD tenant through the subdomain provided by us, then we would connect their MS AAD tenant to our Auth0 tenant.

For now, it looks like we’re having 2 options:

  1. connecting the individual company MS AAD tenants to multiple Auth0 tenants (or is it possible to do this all within one Auth0 tenant?) and therefore giving each company access over their own subdomain.
  2. creating a multi-tenant in MS AAD and connecting this to Auth0, limiting the login option per subdomain based on the company from within our own MS AAD.

We’re unsure what the standard would be within Auth0 to connect these tenants, and what the tenant setup would look like when there are multiple companies included. Any help is appreciated!
Any additional or clarification questions are also more than welcome!