True multi-tenancy is not supported.
> is it possible to assign users to a SP in the way that only those users can access a particular SP?
You could achieve this by using a reverse web proxy to manage access to specific websites and APIs.. for instance, to access `../app1/*` user must have the `company1` scope.
> is it possible to seperate the user data of the different companies in the way that each company has its own storage (ldap?) and may each have it's own backup interval/strategy?
No easy out-of-the-box strategy for this.