I'm developing a Microsoft Access front-end connected to an Azure back-end database for my customers, who typically have dynamic IP addresses. I'd like to ensure that only licensed users can access the back-end, but managing their ever-changing IPs is quite challenging. Here are some options I'm considering:
1. **Automation**: Automatically updating each customer's IP addresses upon login seems cumbersome and could potentially slow down performance while posing security risks.
2. **User Management with Entra ID**: Is it feasible to manage user access through Entra ID with a REST API linked to the Azure database? Would I need a unique API for each customer?
3. **VPN Solutions**: I'm unfamiliar with virtual networks or VPNs, but I imagine I could limit usage to my application only. This might involve creating separate user accounts for each customer while ensuring that connections aren't made from multiple IPs or devices using shared login information. I'd likely need to accommodate multiple connections per customer for various connection methods like ADO, ODBL, oAuth2, etc.
So, what's a practical solution for enabling customers with dynamic IP addresses to access an Azure database securely?
1 Answer
I've come up with some workarounds for this before, but honestly, they can get messy. Have you thought about transitioning your Access app into a web application? This way, you could use a static IP to manage access to Azure more effectively.
Also, think about how you're separating data for each customer. Are they all from different companies, or do they share some sort of commonality? If they're individuals from various businesses, a VPN might be an excellent way to restrict access based on custom group memberships in Entra.
Thanks for your insights! I'm currently considering the idea of a WebApp, but I'm still figuring out how to secure the back-end effectively. I might need to launch a local SQL Server for individual customers to keep the critical stuff safe. I hear you on Azure's costs though; it's a concern for me too!