The Ivanti Console is sort of an interface to the database. Is there 1 or 2 core's involved? Two Ivanti core's you would change the core name at the login prompt to the console. Then it's somewhat of a matter of resolution and authentication. If the core is on one domain and the clients are on another then permissions on the COM+ objects can be problematic when they are used but most agent communication should work assuming the core can connect. A domain trust may be needed.
If all the clients are managed from one core then you may use a scope and two users. You'll have to close and relaunch the console as the different user of course but the scope will only show the devices it's configured for.
Yeah ... Truffles recommendations are spot on here. Can't really think of another graceful solution here.
There's (technically) the TENANT concept, but that requires a CSA ... and at the end of the day, either a "2 Cores" or a "1 Core, but separate users with separate scopes" may be easiest to deal with it. (The latter would still allow admins to keep a "see everything" option, so central reporting is still doable for instance).
Logical separation in one way or another woudl be the best way forward?
If you need to have "separate security" because of political / legal reasons, then you'd want to go for a 2 Core Servers approach (essentially Core A with Cert A can't manage Core B's clients, should they ever get in there by some accident or whatnot).
Does that help / answer your question?