堆栈内存溢出
  简体   繁体   English

Azure 多租户 saas 应用程序,如何为每个环境注册应用程序?

[英]Azure multi tenant saas app, how to register Application per environment?

 原文  2016-10-24 12:49:27       azure/ azure-active-directory/ multi-tenant

问题描述

For our multi-tenant application in Azure, I am assigned with the task on how to register the app for multiple environments (Test, acceptance, production, ...).对于我们在 Azure 中的多租户应用程序,我被分配了有关如何为多个环境(测试、验收、生产……)注册应用程序的任务。

As for as I can think, there are 2 possibilites:至于我能想到的,有两种可能性:

  • 1 APP registered for all environments (different resource groups for the infrastructure, but all accessing the same appid/appkey)为所有环境注册了 1 个 APP(基础设施的不同资源组,但都访问相同的 appid/appkey)

    => Users assigned in prod, will be assigned to test and vice versa (with the same roles because the service principal is the same). => 在 prod 中分配的用户将被分配到 test ,反之亦然(具有相同的角色,因为服务主体相同)。

    => All tenant will automatically have access to test (if they know the URL) => 所有租户都将自动获得测试权限(如果他们知道 URL)

    => Giving consent in production, will cause that test will get consent too (because both use the same service principal). => 在生产中给予同意,将导致该测试也得到同意(因为两者使用相同的服务主体)。

  • 1 App / per environment (different resource groups, all having their own appid/appkey) 1 个应用程序/每个环境(不同的资源组,都有自己的 appid/appkey)

    => Roles are not shared; => 角色不共享; User assigned in Prod will not be assigned automatically in test (other service principal)在 Prod 中分配的用户不会在测试中自动分配(其他服务主体)

    => A tenant will only have access to test when access is granted by the owners of the product => 只有在产品所有者授予访问权限时,租户才能访问测试

    => Consent must be given per environment => 必须根据环境给予同意

Given these assumption, I would go for option 2;鉴于这些假设,我会选择选项 2; Because consent for the production app, doesn't mean you want consent for the test application on your production AD.因为同意生产应用程序,并不意味着您需要同意生产 AD 上的测试应用程序。

Does my assumption makes sence?我的假设有道理吗? Are there some things that I am missing?有什么我想念的吗?

1 个解决方案

解决方案1
 3 已采纳  2016-10-24 22:54:10

Id agree with you, option 2 is cleaner, the more you can keep the settings and resources separated the less risk you have, and the more flexibility with testing.我同意您的看法,选项 2 更简洁,您可以将设置和资源分离得越多,风险越小,测试的灵活性也越大。 The only downside is additional management of users, but in this case that's probably not a big problem, especially if the intent isn't for UAT/pre prod beta testing by end users.唯一的缺点是用户的额外管理,但在这种情况下,这可能不是一个大问题,尤其是如果最终用户的意图不是 UAT/pre prod beta 测试。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Azure中的应用程序角色多租户Saas应用程序 - Application roles multi tenant Saas application in Azure Azure应用服务上托管的多租户SaaS应用中的自定义域 - Custom domains in multi tenant SaaS app hosted on Azure App Service Azure上的多租户(SaaS)Web应用程序,部署选项 - Multi-tenant (SaaS) web app on Azure, Deployment options 如何在另一个租户中注册 Azure AD 多租户应用程序(未在其中创建) - How to register Azure AD multi-tenant app in another tenant (in which it wasn't created) Azure 多租户 SAAS/PAAS? - Azure multi-tenant SAAS/PAAS? 如何使用Microsoft Azure中的多租户应用程序在客户端的活动目录中注册应用程序? - How do I register an app in client's active directory using my multi tenant app in microsoft azure? 多租户应用的Azure AD Graph对象ID对于每个租户是唯一的,如何动态获取servicePrincipal ID? - Azure AD Graph object ID of multi-tenant app is unique per tenant, how do I get the servicePrincipal ID dynamically? 如何授权 Azure 多租户应用程序在客户租户中配置资源 - How to authorize Azure multi tenant application to provision resources in customer tenant 多租户环境 - 多个成员资格提供者,每个租户1个DB,一个单一应用程序 - Multi Tenant Environment - Multiple Membership providers, 1 DB per Tenant, One Single Application 如何计算或估算 Azure 应用程序 (SaaS) 的每位用户成本? - How to calculate or estimate cost per user on Azure Application (SaaS)?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM