So what you are asking for is really "delegated administration". It's a requirement about how to manage the data about users (like with what organization a person is affiliated), and how to enable an organization administrator to manage a subset of users' data. At a high level, delegated administration is an "Identity Management" (i.e. "IDM") requirement, while the Gluu Server is an "Identity and Access Management" (i.e. "IAM") platform. You probably also need some governance features, like a periodic review of which users have which permissions ("access certification"). These features are known as "IAG"--identity and access governance.
These three systems, IDM, IAM, and IAG, work together, but each system addresses different (but related) requirements. IAM platforms like the Gluu Server deal with runtime--things like presenting the login page, issuing access tokens and identity assertions (i.e. the id_token in OpenID Connect).
The Gluu Server is a "consumer" of identity information. Just a guess, but as your requirements are somewhat business specific, it will probably make sense to build delegated administration into your application. The website that does this can use the SCIM REST API to search, add, edit and delete user information. Your delegated admin application will add the right filters (for organization) and populate the right data based on the organization for which the admin is authorized to transact.
Ultimately, you can keep the users "flat" in the Gluu database, as long as each user entity has the right information about organization affiliation and permissions.
I hope that helps. I'm going to close this issue because it's a design question, not a feature or bug in the Gluu Server.
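The organization scoping described in the reply above, sketched as an added example that is not part of the original reply or of the Gluu Server code. It assumes organization affiliation is stored in the RFC 7643 enterprise extension attribute `organization`; the allow-list, function names and sample users are hypothetical.

```python
import json

# Assumption: organization affiliation is stored in the RFC 7643 enterprise
# extension; a deployment may use a custom attribute instead.
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
ORG_ATTR = ENTERPRISE + ":organization"
ALLOWED_FIELDS = {"userName", "emails.value", "name.familyName"}  # hypothetical
ALLOWED_OPS = {"eq", "sw", "co"}


def scoped_filter(admin_org, field, op, value):
    """Return a SCIM filter that is always ANDed with the admin's organization."""
    if field not in ALLOWED_FIELDS or op not in ALLOWED_OPS:
        raise ValueError("field or operator not permitted")
    # SCIM filter strings follow JSON string rules, so json.dumps escapes
    # quotes and backslashes and the value cannot break out of its literal.
    return (f"{ORG_ATTR} eq {json.dumps(admin_org)} "
            f"and ({field} {op} {json.dumps(value)})")


def org_of(resource):
    """Read the organization from a SCIM User resource, or None if absent."""
    return resource.get(ENTERPRISE, {}).get("organization")


def in_scope(admin_org, resources):
    """Defense in depth: drop any returned user outside the admin's org."""
    return [r for r in resources if org_of(r) == admin_org]


def may_write(admin_org, stored, updated=None):
    """Allow edit/delete only inside the admin's org, and never an org change."""
    if org_of(stored) != admin_org:
        return False
    return updated is None or org_of(updated) == admin_org


# Constructed sample data standing in for SCIM responses.
ALICE = {"userName": "alice", ENTERPRISE: {"organization": "Acme"}}
BOB = {"userName": "bob", ENTERPRISE: {"organization": "Globex"}}

if __name__ == "__main__":
    print(scoped_filter("Acme", "userName", "sw", 'al"ice'))
    print([u["userName"] for u in in_scope("Acme", [ALICE, BOB])])
    print(may_write("Acme", BOB), may_write("Acme", ALICE, dict(ALICE)))
```

The organization passed as `admin_org` should come from the administrator's authenticated session, never from the request parameters.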