One of these days I had a challenging request: create a “multi-tenant” sharepoint app using a single instance and the same Active Directory.
This application was supposed to allow several companies to use a specific part of it.
For scalabilty reasons it was decided that this segregation could not be done at web application level – what would have made things easier- so the separation will be done at site collection level.