Is it best to have 1 database and 1 client?
I would recommend multiple clients with a single database. Then you can have a client association in app_metadata and approve/deny authorization in Rules based on the client_id(s).
Should we break individual tenants into their own databases? How does this affect cost?
Auth0 doesn’t cost you for a number of connection however, for users that will be part of more than a single tenant you’ll need to create the profile in both the databases. Which will create 2 profiles, passwords and so-on. I’d recommend that if that is exactly what you want, however storing them with the tenant information inapp_metadatais a great alternative.
Any other concerns about users that can log into multiple tenants?
None OTOH.