How can I make the multi-tenant app secure?

AgatSaaS 26 Reputation points
2020-03-23T07:18:26.683+00:00

Hello Everyone,

We want to use the multitenant app so our customers wouldn't have to configure them on their own, thus saving us time.

Each customer will have its own administration site (each URI is listed in the Redirect URI section) and secret.
I have noticed that the secrets and the URIs are not linked to each other, meaning one customer can gain access to another customer's resources.

How can we make it secure?

Thank you,

Azure App Service
Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 35,631 Reputation points Microsoft Employee
    2020-04-07T05:28:35.007+00:00

    Hi Agat,

    Check out this document:

    https://learn.microsoft.com/en-us/azure/architecture/multitenant-identity/

    It goes over some of the security considerations you will need to consider.

    You can store secrets in Key Vault for better security, enabling you to safeguard cryptographic keys and other secrets used by cloud apps and services.

    https://learn.microsoft.com/en-us/azure/architecture/multitenant-identity/web-api
    https://github.com/uglide/azure-content/blob/master/articles/guidance/guidance-multitenant-identity-keyvault.md

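One way to address the concern raised in the question (secrets and redirect URIs in a single multi-tenant registration are not tied to a customer) is to bind each administration site to one tenant inside the application and check the token's `tid`, `iss` and `aud` claims on every request. This is an added example, not code from the thread or from Microsoft; the site registry, host names and IDs are constructed, and the token is assumed to have been signature-verified already by a JWT library.

```python
# Added example: tenant isolation enforced by the app, not by the app registration.
# CLIENT_ID, CUSTOMER_SITES and every ID below are constructed sample values.
from urllib.parse import urlsplit

CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # constructed application ID

# Hypothetical per-customer registry: admin-site host -> that customer's tenant ID.
CUSTOMER_SITES = {
    "admin.contoso.example": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
    "admin.fabrikam.example": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
}


class TenantMismatch(Exception):
    """Raised when a token must not be accepted on the requested site."""


def authorize_for_site(request_url: str, claims: dict) -> str:
    """Return the tenant ID if `claims` may be used on `request_url`.

    `claims` must come from a token whose signature and expiry were already
    validated; this function only adds the tenant-binding checks.
    """
    host = (urlsplit(request_url).hostname or "").lower()
    expected_tid = CUSTOMER_SITES.get(host)
    if expected_tid is None:
        raise TenantMismatch(f"unknown administration site: {host!r}")
    if claims.get("aud") != CLIENT_ID:
        raise TenantMismatch("token was issued for a different application")
    tid = str(claims.get("tid", "")).lower()
    if tid != expected_tid:
        raise TenantMismatch("token tenant does not own this site")
    # v2.0 tokens also carry the tenant in the issuer; both must agree.
    if claims.get("iss") != f"https://login.microsoftonline.com/{expected_tid}/v2.0":
        raise TenantMismatch("issuer does not match the site's tenant")
    return tid
```

With this check in place, a valid sign-in from one customer's tenant is rejected on another customer's administration site even though both share the same application registration.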