Where should I register entra id application for external tenants?

Siarhei 0 Reputation points
2024-06-16T09:01:21.3166667+00:00

Hello, I have a question

I have an application that we are developing for multiple customers. This differs from the usual multi-tenancy case because some customers want their own domain (customer.app.com). Therefore, I'm unable to register a multi-tenant application on my side. We are considering registering the application on the customer's tenant, but I have some concerns about this approach. As a developer, I would not have access to the application registration settings in that case.

Do you have any recommendations on how this should be implemented properly?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,555 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Navya 6,615 Reputation points Microsoft Vendor
    2024-06-17T10:51:28.1+00:00

    Hi @Siarhei

    Thank you for posting this in Microsoft Q&A.

    In many multitenant applications, a domain name can be used as a way to identify a tenant, to help with routing requests to the correct infrastructure, and to provide a branded experience to your customers. Two common approaches are to use subdomains and custom domain names.

    To know more details about domain names in a multitenant solution

    Subdomains

    Each tenant can be assigned a unique subdomain under a common shared domain name, using a format like tenant.provider.com. Contoso that provides a product to manage invoice generation for its customers. Each of Contoso's tenants can be assigned a subdomain under the contoso.com domain name or under regional deployments like us.contoso.com and eu.contoso.com. These subdomains are referred to as stem domains, and each customer gets their own subdomain under the stem domain.

    Custom Domains

    To enable your customers to bring their own domain names. Some customers see this as an important aspect of their branding. Custom domain names might also be required to meet customers' security requirements, especially if they need to supply their own TLS certificates.

    If your customers want their own domain (customer.app.com) go with custom domain approach.

    For your reference: Managing custom domain names in your Microsoft Entra ID

    Follow the steps provided in this document to obtain resources for architects and developers of multitenant solutions: https://learn.microsoft.com/en-us/azure/architecture/guide/multitenant/related-resources#identity

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    0 comments No comments