
When developing a microservice multi-tenant architecture there will be many APIs for each service.

When using Azure AD for authentication, this would then mean an app registration per service API and an app registration for a client app. These would then become many enterprise app registrations within customer tenants. This seems like a lot of app registrations in a customer's tenant which they would need to manage, adding users to roles, etc., for each one.

This seems overly complicated for a customer.

How do I avoid this scenario?

1 Answer

There is a way around this, but I have not tested it in our lab.

Once a multi-tenant app is registered in your tenant, access can be granted to that app to create a new app in the customer's tenant (which is a new single-tenant app in your customer's AAD).

Now that app should be granted access to resources.

Later, once the new app in your own tenant has been created, revoke access to the multi-tenant app.

Reference SO thread:

How to programmatically register an Azure AD application without tenant ID?

SureshBabu
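The three steps in the answer above, written out with the Microsoft Graph PowerShell SDK as an added example (this is not code from the answer's author, and the author says the approach is untested). Every tenant ID, app ID, display name and role ID is a placeholder, and the example assumes the customer's admin has already consented to the multi-tenant app's `Application.ReadWrite.All` permission in the customer tenant.

```powershell
# Added example (not from the answer author): the procedure described above,
# using Microsoft Graph PowerShell. All IDs, names and the secret are
# placeholders; Application.ReadWrite.All consent in the customer tenant is
# assumed to have been granted beforehand by the customer's admin.

# --- Step 1: your multi-tenant app signs in to the CUSTOMER tenant ---
$customerTenantId = '<customer-tenant-id>'              # placeholder
$multiTenantAppId = '<your-multi-tenant-app-client-id>' # placeholder
$secret = Read-Host -AsSecureString 'Client secret'     # prompt; never hard-code it
$cred   = [pscredential]::new($multiTenantAppId, $secret)

Connect-MgGraph -TenantId $customerTenantId -ClientSecretCredential $cred -NoWelcome

# --- Step 2: create the single-tenant app inside the customer tenant ---
$newApp = New-MgApplication -DisplayName 'Contoso Orders API' `
                            -SignInAudience 'AzureADMyOrg'   # single tenant only
$newSp  = New-MgServicePrincipal -AppId $newApp.AppId        # the enterprise app object

# Grant the new app access to a resource: here an app role exposed by another
# service principal in the customer tenant (both IDs are placeholders).
New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $newSp.Id `
    -PrincipalId $newSp.Id `
    -ResourceId  '<resource-service-principal-object-id>' `
    -AppRoleId   '<app-role-id-exposed-by-resource>'

Disconnect-MgGraph

# --- Step 3: the CUSTOMER admin revokes the multi-tenant app's access ---
# Run under the customer's admin account rather than the multi-tenant app, so
# the revocation does not depend on the app's own token or existence.
Connect-MgGraph -TenantId $customerTenantId -Scopes 'Application.ReadWrite.All' -NoWelcome
$mtSp = Get-MgServicePrincipal -Filter "appId eq '$multiTenantAppId'"
if ($mtSp) {
    # Deleting the service principal removes every permission grant and role
    # assignment the multi-tenant app held in this tenant.
    Remove-MgServicePrincipal -ServicePrincipalId $mtSp.Id
}
Disconnect-MgGraph
```

`Application.ReadWrite.All` lets the holder create and modify every application in the tenant, so step 3 is what keeps the customer's exposure to your multi-tenant app short-lived; the customer can confirm the revocation by checking that the multi-tenant app no longer appears under Enterprise applications, and the sign-in and audit logs record both the creation of the new app and the removal of the service principal.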