Azure multi tenant saas app, how to register Application per environment?
Question
For our multi-tenant application in Azure, I am assigned with the task on how to register the app for multiple environments (Test, acceptance, production, ...).
As for as I can think, there are 2 possibilites:
1 APP registered for all environments (different resource groups for the infrastructure, but all accessing the same appid/appkey)
=> Users assigned in prod, will be assigned to test and vice versa (with the same roles because the service principal is the same).
=> All tenant will automatically have access to test (if they know the URL)
=> Giving consent in production, will cause that test will get consent too (because both use the same service principal).
1 App / per environment (different resource groups, all having their own appid/appkey)
=> Roles are not shared; User assigned in Prod will not be assigned automatically in test (other service principal)
=> A tenant will only have access to test when access is granted by the owners of the product
=> Consent must be given per environment
Given these assumption, I would go for option 2; Because consent for the production app, doesn't mean you want consent for the test application on your production AD.
Does my assumption makes sence? Are there some things that I am missing?
1 answers
solution1
3 ACCPTED 2016-10-24 22:54:10
Id agree with you, option 2 is cleaner, the more you can keep the settings and resources separated the less risk you have, and the more flexibility with testing. The only downside is additional management of users, but in this case that's probably not a big problem, especially if the intent isn't for UAT/pre prod beta testing by end users.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.