Maybe I'm not understanding your question because my answer is kind of the same.
What do you mean by web portal?
In general:
If you plan to share your services publicly, you do not need individual users or groups. You can share your services and web maps that reference services with everyone. Then you might build web applications that access these services/web maps. Because they are publicly shared, there is no security.
If you want to restrict access to your services, then you need to allocate one user in your organization for each person that needs to access the services. You control access to services and other items, by adding the services to groups and inviting particular users to join the group. Anyone in the group will be able to access those services.
You also mention clients. I am not sure in what way you are using this word... If you are building an application for another company, then that company must purchase a subscription as well and allocate users in their subscription. In this case, that company's subscription would host the services.
Hope this helps,
Mike