Ability to manage Subscription Keys for a Group of users
Allow the assignment of a subscription key that applies to a group of users. The idea is to create one shared subscription key that is tied to the group so as members of the group swap in/out they can use that key.
Think of a large company of developers, rather than creating a shared login the group of developers could be put into the group and then have access to that applications subscription keys.
The idea is really to treat the key as an entity that isn't a person but needs to be managed by several people, like give this company or team a key to use when they deploy to prod. If someone leaves the team the subscription key isn't at risk of being deleted/replaced.
Thanks for the feedback – be great to get continued input on this. Keep the votes coming!
Shreyas Hirekhan commented
Here is how I solved this:
1. I'm using AADB2C to manage users, and their claims. I make users enter a 'company' claim on sign up.
2. I will create a default subscription(and enable it) in APIM.
3. I use inbound/outbound policies to get the claims, and if the user company claim name matches one of my subscriptions, then I return the subscription key to the user. Otherwise, they are not allowed to continue
At the end of the day, we will have many users using the single subscription key. This is a very hacky method, but its working for us.
Tuukka Haapaniemi commented
This is crucial for joint ventures with external development companies. Now the subscription, its keys and its monitoring are all behind a single user, which is not acceptable.
Peter Speden commented
We have clients who require this. Our requirement is that we should be able to allocate a Product Subscription key to a group of users. At the moment you can only choose 1 user when creating a subscription.
Alexander Viken commented
This would be a really useful feature - We have at any given point a number of teams working on different applications - being able to assign a team key, or application key that works regardless of who is logged in as long as they are member of the dev team for the specific application