account.rb

class Account
  include Mongoid::Document
  include Mongoid::Timestamps
  
  field :subdomain, :type => String
  embeds_many :users
  accepts_nested_attributes_for :users
  
  validates_presence_of :name, :subdomain
  validates_uniqueness_of :subdomain, :case_sensitive => false
  validates_exclusion_of :subdomain, :in => %w(www support media admin help), :message => "%s is reserved"

  validates_each :users do |document, attribute, value|
    users = value.to_a
    unless users.any? && users.all?(&:valid?)
      document.errors.add(attribute, :invalid, :value => value)
    end
  end
end

user.rb

class User
  include Mongoid::Document
  include Mongoid::Timestamps
  
  embedded_in :account, :inverse_of => :users

  devise :database_authenticatable, :recoverable, :rememberable,
    :authentication_keys => [ :email, :subdomain ]

  def self.find(*args)
    options = args.extract_options!
    user_options = Hash[*(options[:conditions] || {}).map { |k, v| [ :"users.#{k == :id ? :_id : k}", v ] }.flatten]
    if account = Account.find(*(args + [options.merge(:conditions => user_options)]))
      account.users.detect do |u|
        options[:conditions].all? { |k, v| u.send(k) == v }
      end
    else
      super
    end
  end

  def self.find_for_authentication(conditions={})
    if account = Account.where(:subdomain => conditions.delete(:subdomain)).first
      account.users.detect { |u| u.email == conditions[:email] }
    else
      nil
    end
  end
end

@djfobbz: I'm not in a position to answer questions about your problem domain. This was a good fit for me, since in my app I always had access to the current account and so all the user stuff was scoped to that account and loaded automatically, and there weren't many users per account.Your mileage may vary.

I've documented an alternative approach here. I'd be interested in any comments, criticisms, suggestions, etc.