Tags: azure, azure-active-directory, hl7-fhir, fhir-server-for-azure

FHIR Server for Azure: Azure AD mechanism when there are multiple servers


As explained here, you have to register your FHIR API with Azure AD in order to make calls to the API.

Azure AD is free for Single Sign-On for up to 10 apps: https://azure.microsoft.com/en-us/pricing/details/active-directory/

Q: Given a scenario where I have more than 10 FHIR APIs accessed through a single Web platform by multiple users, do I need to assign an account for each actor and pay $6/user/month (Premium P1)?

Or could I have a single account that is used to make calls to the APIs and authenticate the actors through another method? If you have hundreds of users it is pretty expensive to pay $6 for each just for authentication.

Do I understand Azure AD correctly? Is there any other better method?


Solution

  • Answer: No. It's very likely you can get away with less than 10 app registrations without losing the ability to authorize each individual user. The only limit you should be worried about is the 500,000 object limit.

    Explanation: The concept of App Registration is well explained here, and I won't make an attempt to do a better job.

    The key thing in the context of this question is that you can use the same App Registration with as many "applications" as you want. The only consequence is that you won't be able to assign different permissions to each of those applications.

    From your question it is not very clear what "10 APIs" means.

    In the simplest case, you have 10 different endpoints hosted under the same application, in which case the solution is trivial: use a single app registration with as many "app roles" as necessary to control access as granularly as you need/supported by FHIR.

    Worst case, you have 10 applications hosted independently, in which case you can still use the app manifest to create as many app roles as necessary, most likely using some prefixing: app1_admin, app1_readonly, app2_readonly, etc. Then use those app roles to grant permissions to your endpoints.

    See this documentation about how to create app roles in your app manifest.

    A picture is worth more than a thousand words. This one should illustrate how you can use the same App Registration for as many applications as you wish.

    [Image: Same App Registration used by multiple applications]
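The answer above describes prefixed app roles (app1_admin, app1_readonly, app2_readonly, ...) defined once in the app manifest and then used to gate each hosted API. The following is an added example, not code from the question, the answer, or the FHIR Server for Azure project. It embeds a constructed `appRoles` fragment in the shape the Azure AD app manifest uses (the GUIDs are placeholders), and shows the authorization check an API would apply to the `roles` claim that Azure AD emits for an assigned app role. It assumes the access token has already been validated (signature, issuer, audience, expiry) by the API's JWT middleware, so only the decoded claims are handled here; the `ROLE_POLICY` mapping and the sample users are constructed for illustration.

```python
"""Added example: one Azure AD app registration shared by several FHIR APIs,
with per-API access controlled through prefixed app roles.

Assumptions (not from the original post):
- the token's signature/issuer/audience/expiry were already verified upstream;
- role values follow the prefix convention app<N>_<role> from the answer.
"""
import json
from uuid import UUID

# Constructed appRoles fragment, in the layout of the Azure AD app manifest.
# The "id" GUIDs are placeholders; the portal assigns real ones.
APP_ROLES_MANIFEST = json.loads("""
{
  "appRoles": [
    {"allowedMemberTypes": ["User"], "description": "Full access to FHIR API 1",
     "displayName": "App1 Admin", "id": "11111111-1111-4111-8111-111111111111",
     "isEnabled": true, "value": "app1_admin"},
    {"allowedMemberTypes": ["User"], "description": "Read-only access to FHIR API 1",
     "displayName": "App1 Reader", "id": "22222222-2222-4222-8222-222222222222",
     "isEnabled": true, "value": "app1_readonly"},
    {"allowedMemberTypes": ["User"], "description": "Full access to FHIR API 2",
     "displayName": "App2 Admin", "id": "33333333-3333-4333-8333-333333333333",
     "isEnabled": true, "value": "app2_admin"},
    {"allowedMemberTypes": ["User"], "description": "Read-only access to FHIR API 2",
     "displayName": "App2 Reader", "id": "44444444-4444-4444-8444-444444444444",
     "isEnabled": true, "value": "app2_readonly"},
    {"allowedMemberTypes": ["User"], "description": "Retired role, kept disabled",
     "displayName": "Legacy Reader", "id": "55555555-5555-4555-8555-555555555555",
     "isEnabled": false, "value": "legacy_reader"}
  ]
}
""")

# Which role values each API accepts for reads and for writes (constructed policy).
ROLE_POLICY = {
    "app1": {"read": {"app1_admin", "app1_readonly"}, "write": {"app1_admin"}},
    "app2": {"read": {"app2_admin", "app2_readonly"}, "write": {"app2_admin"}},
}


def enabled_role_values(manifest):
    """Return the set of role values that are enabled in the manifest.

    Every entry must carry a well-formed GUID id; a malformed manifest is
    rejected rather than silently accepted.
    """
    values = set()
    for role in manifest["appRoles"]:
        UUID(role["id"])  # raises ValueError on a malformed id
        if role.get("isEnabled", False):
            values.add(role["value"])
    return values


def action_for_method(method):
    """Map an HTTP method to the coarse action the policy speaks in."""
    return "read" if method.upper() in ("GET", "HEAD") else "write"


def is_authorized(claims, api, method, manifest=APP_ROLES_MANIFEST):
    """Decide whether validated token claims may perform `method` on `api`.

    Azure AD places assigned app roles in the token's `roles` claim. Roles
    that are not enabled in the manifest are ignored, and an API that is not
    in the policy is denied rather than defaulted open.
    """
    policy = ROLE_POLICY.get(api)
    if policy is None:
        return False
    token_roles = set(claims.get("roles", [])) & enabled_role_values(manifest)
    return bool(token_roles & policy[action_for_method(method)])


# Constructed claim sets standing in for decoded, already-validated tokens.
ALICE = {"sub": "alice", "roles": ["app1_readonly"]}
BOB = {"sub": "bob", "roles": ["app1_admin", "app2_readonly"]}
CAROL = {"sub": "carol"}                        # no app role assigned
DAVE = {"sub": "dave", "roles": ["legacy_reader"]}  # only a disabled role

if __name__ == "__main__":
    for who, api, method in [(ALICE, "app1", "GET"), (ALICE, "app1", "POST"),
                             (BOB, "app2", "GET"), (BOB, "app2", "PUT"),
                             (CAROL, "app1", "GET"), (DAVE, "app1", "GET")]:
        print(who["sub"], api, method, "->", is_authorized(who, api, method))
```

Because all the roles live in one registration, the same token serves every API; what differs per API is only which role values the policy accepts, which is exactly the prefixing scheme the answer proposes.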