Azure B2C multiple local accounts groups
In our company we have several brands, each with its own website. Each brand has a separate set of user, so credentials are not shared among brands.
For instance, we have brand X and brand Y. A user can sign up for X to sign in and browse website X but not site Y. If the user wants to sing in in website Y, she/he needs to do another sign up in site Y, resulting in having two credentials (one for A, one for B).
This is desired for our business because products / services in the different brands are not the same and we do not want to mix them.
However, the backend APIs are shared, so we want tokens obtained from both brands to work in the APIs.
How is the best way to achieve this in Azure B2C?
We have thought about creating a tenant per brand / group of users, but we have 17 different brands, so this means 17 different tenants, 17 different app registrations and having to register all our APIs (about 25) on each of the tenants.
Besides, this also means configuring checking several users in each API.
Is this the best way to go?
Cannot this be achieved with a single Azure B2C tenant and adding some kind of division in the user flows/policies?