Azure multi tenant microservice architecture and many app registrations

Dan 0 Reputation points
2023-01-28T15:31:40.0166667+00:00

Let's say I have a multi-tenant microservice architecture fronted by an API gateway, which a client app calls to access the microservices behind it. Let's say it's grown to a complex system that has 50 microservices, all needing user identity/authentication. Therefore each microservice web API has a multi-tenant app registration assigned to it. As these are multi-tenant app registrations, they will become enterprise apps in the tenant's AAD; in this case there would be 50. This would clutter up their AAD, I feel, and would it also give away some internal workings of our system? Is this the correct way, and should we accept that they will have 50 enterprise apps in their AAD, or am I missing a trick?

ASP.NET Core
Azure App Service
Microsoft Entra ID

1 answer

  1. Bruce (SqlWork.com) 55,196 Reputation points
    2023-01-30T17:15:27.0666667+00:00

    It would make more sense to have a proxy app that called all the other services. Then your tenants would only need to authorize this app for each of their users.

    The proxy app would authenticate to the other apps with its own device account, but would include the verified user token in the requests as a parameter or additional header.

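The proxy pattern in the answer only holds if each microservice checks two things: that the caller really is the gateway, and that the forwarded user token was issued for the gateway app the tenant consented to. The sketch below is an added example, not code from the answer or from Microsoft; the header name, app ID, audience and HMAC key are constructed stand-ins (a real service validates RS256 signatures against the issuer's published keys), while the claim names `aud`, `appid`, `tid` and `oid` follow Entra access tokens.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values. A real service validates RS256 signatures against
# the issuer's published signing keys; a shared HMAC key stands in for that here.
DEMO_KEY = b"constructed-demo-key"
GATEWAY_APP_ID = "gateway-app-id"        # the one multi-tenant registration
THIS_SERVICE_AUD = "api://orders-svc"    # hypothetical internal audience
USER_HEADER = "X-Forwarded-User-Token"   # hypothetical header name

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(body):
    return b64url(hmac.new(DEMO_KEY, body.encode(), hashlib.sha256).digest())

def make_token(claims):
    """Build a signed demo token (stand-in for an issued JWT)."""
    body = b64url(b'{"alg":"HS256"}') + "." + b64url(json.dumps(claims).encode())
    return body + "." + sign(body)

def verify(token, audience, now):
    """Check signature, audience and expiry; return the claims or raise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    head, payload, sig = parts
    # The algorithm is fixed by the verifier, never read from the token header.
    if not hmac.compare_digest(sig.encode(), sign(head + "." + payload).encode()):
        raise PermissionError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims.get("aud") != audience:
        raise PermissionError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise PermissionError("expired")
    return claims

def authorize(headers, now=None):
    """Run inside a microservice: return (tenant id, user object id) or raise."""
    now = time.time() if now is None else now
    scheme, _, svc_token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        raise PermissionError("missing service credential")
    # 1. The caller must be the gateway, holding a token issued for this service.
    svc = verify(svc_token, THIS_SERVICE_AUD, now)
    if svc.get("appid") != GATEWAY_APP_ID:   # "azp" in v2.0 tokens
        raise PermissionError("caller is not the gateway")
    # 2. The forwarded user token must have been issued for the gateway app.
    user = verify(headers.get(USER_HEADER, ""), GATEWAY_APP_ID, now)
    if "tid" not in user or "oid" not in user:
        raise PermissionError("user token lacks tid/oid")
    return user["tid"], user["oid"]
```

Because the forwarded token's audience is the gateway, only one enterprise app appears in the customer tenant, and a microservice reached directly without the gateway's own credential rejects the request even when the user token is genuine.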