How do you structure your identities?

I’m looking at a greenfield deployment and I’m having some analysis paralysis.

The system will be for multiple tenants (customers) and will be almost entirely tunnels to dark services (if I have that term right) and device identities, mostly Windows desktops as clients.

I would like to have a structure that allows for easy visual identification of devices, like ‘sally-desktop.customername.ziti’, so I can use services with wildcards like ‘*.customername.ziti’.

I would also like role attributes that are also easy to identify.

How do you name identities?
How do you name attributes?

Not sure you’ll find any hard/fast answers on this one but I wanted to provide some feedback/thoughts. If it were me, I’d namespace the identities and attributes in a similar fashion. I would probably use the customer name first for attributes, that way they can be sorted logically customer1_hr, customer2_hr, customer2_devs, etc. The identity names I think you’ll have to stick to the scheme you already identified. TBH though, I’ve not done this myself other than my own tinkering. You might have to try it out to see how it feels.

1 Like
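To make the naming scheme discussed in this thread concrete, here is a small Python helper (an added example, not from either post and not OpenZiti's own code) that builds identity names like sally-desktop.customername.ziti and customer-prefixed role attributes, checks whether a hostname falls under a ‘*.customer.ziti’ wildcard, and flags role attributes whose customer prefix does not match the identity's own customer label. The DNS-label constraints and the suffix-match rule for the wildcard are assumptions made for this example, not documented OpenZiti behaviour.

```python
import re

DOMAIN = "ziti"
# One lower-case DNS label: letters, digits, inner hyphens, max 63 chars (assumption).
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def identity_name(device: str, customer: str) -> str:
    """Build '<device>.<customer>.ziti' from two validated DNS labels."""
    for label in (device, customer):
        if not LABEL.match(label):
            raise ValueError(f"not a valid DNS label: {label!r}")
    return f"{device}.{customer}.{DOMAIN}"


def role_attribute(customer: str, role: str) -> str:
    """Build a customer-prefixed role attribute such as 'customer1_hr'."""
    if not LABEL.match(customer) or not re.fullmatch(r"[a-z0-9-]+", role):
        raise ValueError("customer and role must be lower-case alphanumerics")
    return f"{customer}_{role}"


def matches_wildcard(hostname: str, pattern: str) -> bool:
    """Suffix match for a '*.customer.ziti' address.

    '*' stands for one or more leading labels (assumption about how the
    intercept wildcard behaves). The leading dot in the suffix matters:
    'x.notcustomer1.ziti' must not match '*.customer1.ziti'.
    """
    if not pattern.startswith("*."):
        return hostname == pattern
    suffix = pattern[1:]  # ".customer1.ziti"
    return hostname.endswith(suffix) and len(hostname) > len(suffix)


def cross_tenant_attributes(identity: str, attributes: list[str]) -> list[str]:
    """Return attributes whose customer prefix differs from the identity's
    customer label, i.e. roles that would grant access across tenants."""
    customer = identity.split(".")[-2]
    return [a for a in attributes if a.split("_", 1)[0] != customer]
```

Running cross_tenant_attributes over every identity before assigning role attributes catches the most common multi-tenant mistake early: a device in one customer's namespace carrying another customer's role.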