How can I make the multi-tenant app secure

AgatSaaS 26 Reputation points
2020-03-23T07:18:26.683+00:00

Hello Everyone,

We want to use the multitenant app so our customers wouldn't have to configure them on their own, thus saving us time.

Each customer will have its own administration site (each URI is listed in the Redirect URI section) and secret.
I have noticed that the secrets and the URIs are not linked to each other, meaning one customer can gain access to another customer's resources.

How can we make it secure?

Thank you,

Azure App Service
Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,271 Reputation points Microsoft Employee Moderator
    2020-04-07T05:28:35.007+00:00

    Hi Agat,

    Check out this document:

    https://xtls-v4.hkg1.meaqua.org/en-us/azure/architecture/multitenant-identity/

    It goes over some of the security considerations you will need to consider.

    You can store secrets in Key Vault for better security, enabling you to safeguard cryptographic keys and other secrets used by cloud apps and services.

    https://xtls-v4.hkg1.meaqua.org/en-us/azure/architecture/multitenant-identity/web-api
    https://github.com/uglide/azure-content/blob/master/articles/guidance/guidance-multitenant-identity-keyvault.md
