Hi wode,

I'll try my best to answer your questions regarding multi-tenancy using Azure AD B2C:

As for the best strategy for multi-tenancy on the application level, it depends on your specific requirements. Using a separate subdomain per tenant is a common approach, but it is also possible to host on a single domain and use other mechanisms such as custom claims to separate tenants.
Yes, when using Azure AD B2C in multi-tenant mode, any tenant can use your application. You will need to filter out tenants based on their IDs in your application code.
Azure AD B2C supports federated authentication, which allows you to delegate authentication to other identity systems such as SAML or OpenID Connect.
You can inspect the token and distinguish the tenant from the token sent in every request using the issuer parameter. The issuer parameter specifies the issuer of the token, which includes the tenant ID.
You can store accounts in Azure AD B2C locally and spread them out over multiple tenants inside B2C.
As far as I know, there is no limitation on the number of tenants that can be configured in Azure AD B2C.

I hope this helps! Let me know if you have any further questions.

Cheers,

Luke

Here are some high-level steps you can follow to implement a multi-tenant SaaS application using a SPA and Spring Boot backend, running on Azure App Service and using Azure AD B2C for identity management:

Configure Azure AD B2C: Create an Azure AD B2C tenant and configure it to support multi-tenant applications. You will need to create user flows and custom policies to support authentication and authorization for your application.

Implement SPA: Implement your single-page application (SPA) using a front-end framework such as React, Angular, or Vue.js. Integrate the Azure AD B2C authentication library to enable users to sign in and access your application.

Implement Spring Boot backend: Implement your Spring Boot backend and configure it to authenticate users using Azure AD B2C. You can use the Spring Security framework to handle authentication and authorization.

Configure Azure App Service: Create an Azure App Service and configure it to host your SPA and Spring Boot backend. You can use Azure App Service's built-in support for Java and Node.js to deploy your application.

Implement multi-tenancy: Implement multi-tenancy support in your application by using tenant-specific configuration settings and data. You can use Azure AD B2C's custom attributes to store tenant-specific data for each user.

Test and deploy: Test your application thoroughly and deploy it to your Azure App Service instance. Make sure to configure SSL for secure communication and enable CORS if necessary.

Monitor and manage: Monitor your application's performance and usage using Azure App Service's built-in monitoring and logging tools. You can also use Azure AD B2C's administration portal to manage user accounts and access policies.

Implementing a multi-tenant SaaS application using a Single Page Application (SPA) frontend, a Spring Boot backend, Azure App Service for hosting, and Azure AD B2C for identity management is a common and feasible architecture. Here's an overview of the steps involved: Design the architecture: Define the overall architecture of your application, considering components like the frontend SPA, backend APIs, database, and integration with Azure services. Ensure your architecture supports multi-tenancy, where multiple customers can securely access and use the application. Develop the SPA: Build the frontend SPA using frameworks like React, Angular, or Vue.js. Implement user interfaces for authentication, tenant selection, and user management. Integrate Azure AD B2C to handle user authentication and authorization. Ensure your SPA securely communicates with the backend APIs. Develop the Spring Boot backend: Design and develop your backend APIs using Spring Boot. Implement tenant management functionality, including the ability to isolate data and customize behavior per tenant. Ensure secure communication with the frontend and appropriate authentication and authorization mechanisms. Set up Azure App Service: Create an Azure App Service instance to host your application. Configure the required runtime environment and deployment settings. Set up scaling options and performance optimization based on your expected load. Configure Azure AD B2C: Create an Azure AD B2C tenant and configure the necessary user flows (e.g., sign-up, sign-in) and application registration. Define the required user attributes and claims. Configure the SPA frontend and backend API applications to use Azure AD B2C for identity management. Implement multi-tenancy: Design and implement the logic for multi-tenancy in your application. Consider approaches like separate databases, schema per tenant, or data segregation within a shared database. Implement mechanisms to ensure tenant isolation and handle tenant-specific configurations. Secure communication: Implement secure communication between the frontend, backend, and Azure AD B2C. Use HTTPS for all communication channels. Validate and authenticate incoming requests on the backend. Implement authorization checks to ensure users can access the appropriate tenant data. Testing and deployment: Test your application thoroughly, including different tenant scenarios, authentication flows, and data isolation. Set up a continuous integration and deployment pipeline to automate the deployment process to Azure App Service. Use appropriate testing strategies and security best practices. Monitoring and maintenance: Implement logging, monitoring, and diagnostics in your application. Set up appropriate alerts and monitoring solutions to detect and respond to potential issues. Regularly update and maintain your application, including security patches and bug fixes. Remember to refer to Azure documentation, Spring Boot documentation, and Azure AD B2C documentation for detailed guidance on setting up and configuring each component. A