Hi @Sanya Anishchik • Thank you for reaching out.
If users from mobile want to call Function API, I don't think it is a good idea to create 2 different Azure AD B2C tenants because users in tenant1 won't be able to access applications in tenant2. In that case, you would either be required to add applications to tenant1 as well or provision/signup the users in tenant2. Which will eventually defeat the purpose of having 2 different user stores with access to their respective applications.
I would suggest you use the same tenant for both types of users and create a custom attribute e.g. employeeType and set the value of this attribute to Admin for administrators and User for end users. Your application should then perform authorization based on the value of this attribute to allow or deny access.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.