Multi Tenancy with Azure AD Auth With Web App API
I have a classical 3-tier app (Database, API & UI) running on Azure cloud. Now I want to extend this app and enable it for a different customer base. So for now I have users belonging to Company A in the database. I'm using Azure AD for authentication, and once authentication via login is successful, the users can call the necessary APIs.
I now want to extend this setup to Company B. I already identified that I would not use the same database to hold the data for Company B. So I will have a new database to accommodate all the data for Company B. I will use the same UI & API to serve both Company A and Company B.
Right now, I'm using Azure AD for creating JWT tokens that I validate in my API upon every API call. With this multi-tenant setup, I now also have to identify from this token which company the API call belongs to, so that I can connect to the appropriate database. I have been reading about multi-tenancy in Azure AD, but I'm not sure if this is the right thing I should be doing. Any ideas on how this could be done?
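As an added illustration of the tenant-resolution step the question asks about (this is example code, not from the question or either answer): a multi-tenant Azure AD app registration accepts tokens issued by any Azure AD tenant, and each token carries a `tid` claim naming the issuing tenant, with the v2 issuer being `https://login.microsoftonline.com/{tid}/v2.0`. The API should therefore validate the token first, take the tenant identity only from the validated `tid`, cross-check it against `iss`, and look it up in an allowlist of onboarded tenants before opening a database connection. The audience URI, tenant IDs and connection strings below are made up, and the token is signed with HS256 and a shared secret purely so the example runs offline; real Azure AD tokens are RS256 and must be verified against the tenant's published signing keys (for example with Microsoft.Identity.Web or PyJWT plus the JWKS endpoint), so do not copy the signature part as-is.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumed values for this example (not from the original post).
API_AUDIENCE = "api://contoso-api"          # the API's application ID URI registered in Azure AD
SIGNING_KEY = b"example-shared-secret"       # stand-in for Azure AD's RS256 signing keys (demo only)
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tid}/v2.0"

# Constructed tenant registry: Azure AD tenant ID (the `tid` claim) -> that customer's database.
# Any tid not listed here is a tenant that has not been onboarded and must be rejected.
TENANT_DATABASES = {
    "aaaaaaaa-0000-0000-0000-000000000001": "Server=sql-a;Database=CompanyA;",
    "bbbbbbbb-0000-0000-0000-000000000002": "Server=sql-b;Database=CompanyB;",
}


def b64url_decode(data):
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def validate_token(token, now=None):
    """Verify signature, lifetime, audience and issuer; return the claims or raise ValueError.

    The issuer is derived from the `tid` claim, so a token cannot name one tenant in
    `tid` and a different one in `iss`.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":               # never trust the alg the token asks for
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(SIGNING_KEY, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    if claims.get("aud") != API_AUDIENCE:
        raise ValueError("wrong audience")
    tid = claims.get("tid")
    if not tid or claims.get("iss") != ISSUER_TEMPLATE.format(tid=tid):
        raise ValueError("issuer does not match tid")
    return claims


def resolve_tenant_database(token, now=None):
    """Map a validated token to the connection string of the caller's tenant."""
    claims = validate_token(token, now)
    tid = claims["tid"]
    if tid not in TENANT_DATABASES:
        raise PermissionError(f"tenant {tid} is not onboarded")
    return TENANT_DATABASES[tid]


def make_token(claims):
    """Constructed helper that mints an HS256 token; stands in for Azure AD in this demo."""
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload_b64 = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


def demo_token(tid, now, **overrides):
    """Constructed sample token for tenant `tid`, valid for one hour from `now`."""
    claims = {"iss": ISSUER_TEMPLATE.format(tid=tid), "aud": API_AUDIENCE, "tid": tid,
              "oid": "00000000-user-object-id", "nbf": int(now) - 60, "exp": int(now) + 3600}
    claims.update(overrides)
    return make_token(claims)


def tamper_tid(token, new_tid):
    """Constructed attack helper: rewrite `tid` in the payload without re-signing."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims["tid"] = new_tid
    return f"{header_b64}.{b64url_encode(json.dumps(claims).encode())}.{sig_b64}"


if __name__ == "__main__":
    now = time.time()
    print(resolve_tenant_database(demo_token("aaaaaaaa-0000-0000-0000-000000000001", now), now))
```

The point to carry into a real implementation is the order of operations: signature, lifetime, audience and issuer are checked before `tid` is read, and the database is chosen from that validated claim and an allowlist, never from a tenant name sent in a header, query string or request body. Because a multi-tenant registration will happily issue tokens for users in tenants you have never heard of, the allowlist lookup is the authorization decision, not a convenience.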
I recommend reading up on B2B and B2C collaboration in Azure Active Directory.
Generally, I don't think you are doing anything wrong.
When designing a multi-tenant application, you have to choose from several patterns.
It depends on many factors:
tenant isolation, scalability requirements, development complexity, operational complexity and customizations. The biggest factor would be security and isolation.
From what you described, it seems you are in the multi-tenant app with database-per-tenant pattern.