Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

If I use Hydra and Kratos (plus maybe Keto). Is there a feature to restrict access of a client to a certain group of people? I.e. that not everybody who is in the Kratos database can log in via Hydra?
I guess that this would require a call to another service at one point in the flow. Therefore, this might be related to my question from above.

It is all about managing multiple tenants with a central Ory stack.

I guess that this is quite relevant. Even for your Ory Cloud I suppose that something like this would be required. At least, if you have a central Hydra/Kratos instance for all different client organizations. Is there a way to implement this?