As an MSP, I would like to be able to provision admin and self-service access to my customers within platform9 management console and ensure that they only see the hosts, users, clusters and data that are theirs. The idea is complete isolation / mutli-tenancy in the UI.
When I apply the admin role to a user they seem to become an admin across my whole platform9 managed cloud. I would prefer that they're just an administrator across the tenant in which I created them.
Tenants can share a single SSO IDP provider but should not be able to see users/groups from other tenants.