I've been tasked with setting up FreeIPA for my company. What we are looking to do is have multiple "admins" that can only manage and see the users that belong to their team. For example, we have three organizations in our company: orgA, orgB, and orgC. I want to appoint a manager from orgA to be able to create and edit users and groups that belong to orgA, but not be able to see anything that belongs to orgB or orgC. I found some documentation on the FreeIPA website, but it only appears to be a concept?
If anyone else has accomplished this or can confirm that it's just not possible, that would be helpful.
There is no support for multitenancy in FreeIPA and there is no plan to implement it. Separate organizations need their separate deployments.