Today I want to give you an idea about the current development in privacyIDEA. You may like privacyIDEA because it is probably the most flexible and extensible multi factor authentication system due to its sophisticated policies and event handler framework.
But I just pushed a small enhancement in regards to the policies, which my ease your life. You are now able to not only define policies based on realms, resolvers and list of users, but you may also use regular expressions for the users in policies. This will be part of privacyIDEA 2.18 which is scheduled for midth of March 2017.
This way you do not need to rely on the user realms and user resolvers. You can also specify, that a certain policy should be bound to all users matching customer_.* or admin_.*.
This can help to ease things, since you do not need to split up a realm into many resolvers.