Multi Domain SaaS-Platforms on Azure - how to map custom domains?

Question

Multi Domain SaaS-Platforms on Azure - how to map custom domains?

Benjamin Abt 0

Today, we have a platform that we make available to customers via their own path example.com/customerA.

To do this, we have an ASP.NET Core-based platform on an App Service behind a Frontdoor. So it's a SaaS platform from the customer's perspective.

We have more and more customers who would like to use their own sub-domain. However, we cannot find any best practice in the Azure Architecture on how best to implement this for a SaaS platform.

-> The Azure App Service has a limit of 500 domains; the setup requires DNS records at the Azure level, which the customer then has to validate. If we change something on the backend, then all customers would have to validate their DNS entries themselves at the same time. This is not reasonable.

-> Same problem with the front door

-> App Gateway has similar limitations

We have looked at other services such as Rebrandly (URL Shortener Service), which have identical requirements for their platform. An infinite number of customers can map an infinite number of domains to the service and the service then interprets the requests itself.

I cannot find an Azure service that responds to CName requests that are not stored directly at Azure level. The app service also only listens to the domains and CName entries that are stored and validated. We see that customers on AWS are using Route 53 here.

If we look at the equivalent on Azure with Azure DNS, we see no support for this scenario.

What is the story on Azure for custom domain SaaS platforms where we can do the CName validation ourselves or the service accepts all CName requests?

1 answer

Your answer

Answer 1

Shree Hima Bindu Maganti 4,775 Microsoft External Staff Moderator

Hi @Benjamin Abt ,
Thanks for the question and using MS Q&A platform.
To implement custom domains for a multi-tenant SaaS platform on Azure, you can consider using Azure Front Door. Azure Front Door allows you to manage custom domains and supports various domain types, including subdomains, apex domains, and wildcard domains.

You can add custom domains to your Azure Front Door profile. Each domain requires a DNS TXT record for validation and a CNAME record to route traffic to Azure Front Door. This setup allows you to manage traffic effectively while providing your customers with their own domains.
If you anticipate a large number of customers, using wildcard domains (e.g., *.yourdomain.com) can simplify the configuration. This way, you can route traffic for any subdomain without needing to configure each one individually.
Azure Front Door can manage TLS certificates for your custom domains, which can streamline the onboarding process for new customers. You can either use Azure Front Door to issue and manage certificates or allow tenants to provide their own certificates.
While Azure App Service has a limit on the number of custom domains, Azure Front Door can help mitigate some of these limitations by allowing a single instance to route traffic to multiple domains.
You can add a domain name to your Azure Front Door profile before making DNS changes, which can help avoid downtime during migration or onboarding.

While Azure does not provide a service that accepts all CNAME requests without validation, using Azure Front Door with wildcard domains and proper DNS configuration can help you achieve a scalable solution for your multi-tenant SaaS platform.
ref:
Use Azure Front Door in a multitenant solution

Domains in Azure Front Door

Wildcard domains in Azure Front Door (front-door-standard-premium)
Let me know if you have any assistances.
If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.

Benjamin Abt 0 Reputation points

2025-02-03T15:50:34.6566667+00:00

Thank you for your answer, but I don't think it was clear what I meant.

The customer should be able to map his own custom domain without administrative interaction on our side. This is a standard scenario, as can be found with thousands of services, for example Rebrandly.

There are corresponding best practices in AWS or Cloudflare, but you won't find anything about this in the Azure documentation.

We cannot use Azure Frontdoor for this scenario. If we were to change something on our Frontdoor instance, thousands of customers would have invalid DNS entries and thousands of customers would have to re-set everything.

We also do not have wildcard domain. The customer brings his own sub-domain of his own domain with his own DNS management.

There must be an Azure service that covers this scenario, no? Or is it really the case that you have to host your own gateway on Azure on an Azure VM?
Shree Hima Bindu Maganti 4,775 Reputation points Microsoft External Staff Moderator

2025-02-03T17:34:30.5866667+00:00

Hi @Benjamin Abt ,
Thankyou for your Response!
To implement custom domains for a multi-tenant SaaS platform on Azure without requiring administrative interaction on your side, Azure Front Door is typically used. However, as you mentioned, it may not fit your specific scenario where customers manage their own DNS records and subdomains.
Azure Front Door does support the addition of custom domains, including subdomains and apex domains, and requires DNS TXT and CNAME records for validation and routing. However, if you prefer not to manage configurations that could affect multiple customers, you might consider using Azure Static Web Apps. Azure Static Web Apps allows you to point a custom domain to your site, and it automatically creates free SSL/TLS certificates for both autogenerated and custom domains. This can facilitate the process for customers to map their own sub-domains without requiring changes on your side.

However, if you are not using Azure Front Door and do not have wildcard domains, you would need to ensure that customers can manage their DNS records independently. This typically involves them creating CNAME records that point to your Azure service.

If your scenario requires more control and customization, hosting your own gateway on an Azure VM could be an alternative, but it may involve more complexity and management overhead.
references:
Custom domains with Azure Static Web Apps

Enable custom domains in Azure Active Directory B2C (b2c-custom-policy)
let mi know if you have any further assistances.
Shree Hima Bindu Maganti 4,775 Reputation points Microsoft External Staff Moderator

2025-02-04T17:40:44.44+00:00

Hi @Benjamin Abt ,
Following up to see if you have chance to check my previous response and help us with requested information to check and assist you further on this.
Shree Hima Bindu Maganti 4,775 Reputation points Microsoft External Staff Moderator

2025-02-06T01:04:21.0533333+00:00

Hi @Benjamin Abt ,
Following up to see if you have chance to check my previous response and help us with requested information to check and assist you further on this.

Share via

Multi Domain SaaS-Platforms on Azure - how to map custom domains?

1 answer

Your answer