I’ve personally gone with 1) above, but using mizzao:partitioner instead of manually putting my own organization_id on every record. It works really well and once each new user is correctly assigned the correct ‘group_id’ you can write all of your pub/sub & methods as if each organisation had their own database. This eliminates the risk of forgetting to manually use the group_id in every new pub/sub/method and allowing data to be exposed.
It looks like mizzao:partitioner hasn’t been updated for a while but it works really well for me on Meteor 1.4.2. I’ll be trying 1.5 soon… Working in production here: https://www.virtualinout.com/
I was initially going to use sub-domains as you are planning to do, but in the end that made SSL much more expensive (compared to lets-encrypt which is free and automatic but doesn’t support wildcard SSL). In my case the Admin for each organisation has to add/import their own users, and thanks to mizzao:partitioner all imported users automatically inherit the ‘group_id’ of the admin. In the end I dropped the subdomain.
Another benefit of having everyone in the same database is that as the developer you can see all the data from all the different organisations in your own admin panel (or ‘root panel’ as mine is called). You can then assign to yourself the ‘group_id’ of any of the organisations and use the app as if you were part of that organisation.