Thanks for the link! I will go through it.
The reason I need Client and Project:
We have 5 applications that will user Auth0 as SSO. Based on Client, Project, and User Role assigned to user the user will or will not have access to an application.
So, when the user signs up, he selects the Client and Project he belongs to (these are all internal applications). With this, in combination with the role that an admin assigns to him, he may have access to Application 1 but not to Application 2, which would be handled through Rules.
The Rules part is not completely ready yet though and have a query there as well which I have posted in another question 