![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 93%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
25,149 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@AMBAR RAY Thank you for reaching out to us, as this is more of design ask adding Azure SQL DB tag as well for more visibility and inputs on your requirement.
Designing a multi-tenant SAAS application in Azure requires careful consideration of data isolation and security. Here are some pointers to help you get started:
- Use a separate database for each tenant: One of the most common approaches to data isolation is to use a separate database for each tenant. This ensures that each tenant's data is completely isolated from other tenants. You can use Azure SQL Database or Azure Cosmos DB to create separate databases for each tenant.
- Use a tenant identifier: To ensure that each tenant's data is stored in the correct database, you should use a tenant identifier. This identifier can be a unique ID or a domain name associated with each tenant. You can use this identifier to route requests to the appropriate database.
- Use Azure Active Directory/Entra ID for authentication and authorization: Azure Active Directory (Azure AD) provides a secure and scalable way to manage authentication and authorization for your SAAS application. You can use Azure AD to authenticate users and authorize access to tenant-specific data.
- Use Azure Key Vault for secrets management: Azure Key Vault provides a secure way to store and manage secrets such as connection strings, API keys, and certificates. You can use Azure Key Vault to store tenant-specific secrets and ensure that they are only accessible to the appropriate tenant.
- Use Azure Storage for tenant-specific files: If your SAAS application requires storing files such as images or documents, you can use Azure Storage to store tenant-specific files. You can create a separate container for each tenant and ensure that each tenant can only access their own container.
- Use Azure Virtual Networks for network isolation: Azure Virtual Networks provide a way to isolate your SAAS application's network traffic from other Azure resources. You can create a separate virtual network for each tenant and ensure that each tenant's resources are only accessible within their own virtual network.
- Use Azure Policy for governance: Azure Policy provides a way to enforce governance policies across your SAAS application. You can use Azure Policy to ensure that each tenant's resources are compliant with your organization's policies and standards.
Reference links:
https://www.youtube.com/watch?v=dd7W_kMh-z4
https://www.youtube.com/watch?v=FhUuT2YgEEU
Let me know if you have any further questions, feel free to post back.