An employee should have an association to one (or many) clients in your data model. Then, on a page where the administrator can edit the employee, you can add a reference selector (or reference set selector if many-to-many) that sets that association between employee and client.
Then, you can use that same association in the domain model security settings, in order to limit access for the employee so they can only see clients for which they are configured.
All of this is possible without using a microflow. If you have any questions, please update your question here with more details about what you're trying to accomplish and what you've already tried.