Modelling keycloak for a multi-merchant SAAS application

I need some advice on modelling my application. I am building a SAAS application which will be used by multiple merchants. Each merchant will have a super user which can do all actions, and some admin users, and others will be associates which will have least power.
So there will be multiple merchants, some of them will be small sized merchants, which will simply login from my web interface and do some actions there.
Then others will be big merchants which will call our APIs, and may have their LDAP or other user directory systems

How do I model this?
I know I will control type of user using role (super, admin, associate). But what about each merchant? Will each merchant be a different client, group or realm?

A "merchant " is a “realm”。