You have this multi-tenant application that is protected with Azure AD, great! How about the certificate you’re using as a client credential? If you followed the Microsoft samples, it’s probably stored in the Azure Key Vault. This seems really secure, but there is one thing no one thought about: certificate extraction. | svrooij.io
Today I’ll demo my new KeyVault proxy on the 425show. This page will allow you to follow along. Check out the recording, and if you have any questions, contact me on Twitter @svrooij.
Protecting client credentials for (multi-tenant) applications should be your highest priority, not only in production but also during development. We developed a small application that helps you do just that. Use your Visual Studio credentials to sign a token request while the certificate stays in the KeyVault. You could even authorize developers to use the certificates in a KeyVault only when they need them, and de-authorize them when access is no longer needed.
Ever since Microsoft created managed identities, people have been asking how (or if) they work for multi-tenant applications. They even spent an FAQ entry on it. Previously you had to jump through some hoops to use managed identities with your multi-tenant app. Let’s have a look at whether we can solve this in combination with federated credentials.