I am looking to build a multi-tenant SaaS application, with database per tenant (much like the Wingtips demo, single app, multi database, with catalog database). The app is not a public app, and will require access being locked down based on incoming IP address. I know how to do this at an app level using IP restrictions. Unfortunately, using this customers could potentially attempt to access other customers instances of the app, if they work out the URL.
Each customer will be accessing using their own URL. Is there any way to restrict access at this level, rather than at application level? I would very much prefer to use a single app.
Just as an extra bit of information, when customers access the app they will be required to enter a username and password. I know this does secure the app, but we do not want customers to be able to even see other customers login pages (due to confidentially agreements and such).