Arch Flow

9.0 Microsoft Cloud Configuration (Azure & M365)

This section details the configuration required within the Microsoft 365 Tenant. These actions must be performed by a Microsoft 365 Global Administrator or Cloud Application Administrator.

9.1 Responsibility Matrix

| Action | Owner Role | Environment | Input Required |
| --- | --- | --- | --- |
| App Registration | Identity / Entra ID Admin | Azure Portal | Redirect URIs, API Permissions list. |
| App Deployment | SharePoint / Teams Admin | Admin Center | The .zip Manifest file (provided by OpenText team). |
| Site Configuration | SharePoint Site Owner | SharePoint Site | The specific Documentum folder path to map. |


9.2 Step 1: Azure App Registration (Identity Foundation)

Objective: Establish a trust relationship between the Microsoft Tenant and the on-premises Tomcat Server to allow Single Sign-On (SSO) and API access.

Configuration Details:

  1. Platform Type: Single Page Application (SPA)
    • Source: Installation Guide, Page 8, Step 2c.
    • Architectural Justification: The SmartView application renders inside an IFrame within the Microsoft Teams/SharePoint interface. Standard "Web App" redirects often fail within IFrames due to security sandboxing (X-Frame-Options). The SPA platform allows the application to acquire tokens securely via JavaScript (Implicit/Hybrid flow) directly within the browser context, without a full page redirect that would break the user experience.
  2. Redirect URI: https://<tomcat_server_fqdn>:<port>/SmartViewM365/ui
    • Requirement: Must be HTTPS. Microsoft Entra ID rejects HTTP redirect URIs.
  3. Implicit Grant Flow:
    • Check: Access tokens (used for implicit flows)
    • Check: ID tokens (used for implicit and hybrid flows)
    • Why: Required for the OpenText OIDC client to receive the initial identity assertion immediately upon loading in the browser.
  4. Expose an API (The Trust Scope):
    • Application ID URI: api://<tomcat_server_fqdn>:<port>/<guid>
    • Client Authorization: Pre-authorize the official Microsoft Teams Client IDs (Desktop/Web) to call this API. This prevents users from seeing "Do you trust this app?" consent popups every time they log in.
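
One way to check an exported app registration against the four settings above (an added example, not code from this post or from OpenText): the function audits a Microsoft Graph `application` object. The host, port and sample GUIDs are constructed, and the `<guid>` in the Application ID URI is assumed to be the app's client ID.

```python
from urllib.parse import urlparse

# Client IDs Microsoft publishes for Teams SSO pre-authorization; confirm against current docs.
TEAMS_CLIENT_IDS = {
    "1fec8e78-bce4-4aaf-ab1b-5451cc387264",  # Teams desktop / mobile
    "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",  # Teams web
}

def audit_app_registration(app, host, port):
    """Compare a Graph `application` object with section 9.2; return findings."""
    findings = []
    redirect = f"https://{host}:{port}/SmartViewM365/ui"
    spa = app.get("spa", {}).get("redirectUris", [])
    web = app.get("web", {})
    if redirect not in spa:
        findings.append("redirect URI missing from the SPA platform")
    if redirect in web.get("redirectUris", []):
        findings.append("redirect URI registered under Web, not SPA")
    for uri in spa + web.get("redirectUris", []):
        if urlparse(uri).scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
    grants = web.get("implicitGrantSettings", {})
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grants.get(flag):
            findings.append(f"{flag} is not enabled")
    # Assumption: the <guid> in the Application ID URI is the app's client ID.
    if f"api://{host}:{port}/{app.get('appId')}" not in app.get("identifierUris", []):
        findings.append("Application ID URI does not match api://<fqdn>:<port>/<guid>")
    # Pre-authorization skips the consent prompt, so only intended clients belong here.
    preauth = {p["appId"] for p in app.get("api", {}).get("preAuthorizedApplications", [])}
    findings += [f"Teams client {c} is not pre-authorized" for c in sorted(TEAMS_CLIENT_IDS - preauth)]
    findings += [f"unexpected pre-authorized client {c}" for c in sorted(preauth - TEAMS_CLIENT_IDS)]
    return findings

# Constructed sample export (hypothetical host, port and GUIDs).
SAMPLE = {
    "appId": "00000000-0000-0000-0000-000000000001",
    "identifierUris": ["api://dctm.example.internal:8443/00000000-0000-0000-0000-000000000001"],
    "spa": {"redirectUris": []},
    "web": {"redirectUris": ["https://dctm.example.internal:8443/SmartViewM365/ui"],
            "implicitGrantSettings": {"enableAccessTokenIssuance": True, "enableIdTokenIssuance": False}},
    "api": {"preAuthorizedApplications": [
        {"appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264"},
        {"appId": "00000000-0000-0000-0000-0000000000ff"},
    ]},
}

if __name__ == "__main__":
    print("\n".join(audit_app_registration(SAMPLE, "dctm.example.internal", 8443)))
```

The sample is deliberately misconfigured: the redirect URI sits under the Web platform, ID token issuance is off, one Teams client is missing and an unknown client is pre-authorized.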

9.3 Step 2: SharePoint App Manifest Deployment

Objective: To make the "OpenText Documentum" Web Part available to be placed on SharePoint Pages.

The Artifact: A ZIP file generated by the Tomcat Server (SmartViewM365/manifests/download/sharepoint).

Deployment Workflow (Microsoft Admin):

  1. Navigate to SharePoint Admin Center > More features > Apps.
  2. Click Upload and select the .zip file provided by the OpenText engineering team.
  3. Critical Configuration:
    • When prompted "Enable this app?", select "Enable this app and add it to all sites".
    • Why: This pushes the app to the Tenant App Catalog. It eliminates the need for individual Site Collection Administrators to manually install the app on every single site where they want to use it. It makes the Web Part globally available in the "Add a Web Part" menu.

9.4 Step 3: Page Creation & "Portal" Setup

Objective: To create the actual user interface where the document repository is visualized.

The Workflow (SharePoint Site Owner):

  1. Create Page: User navigates to their SharePoint Site > New > Page.
  2. Insert App: In the Page Editor, click (+) and select "OpenText Documentum Content Management".
  3. Initial Handshake:
    • The Web Part loads. It will prompt for Documentum Credentials one time to establish the initial link.
  4. Folder Mapping (The "Portal" Link):
    • The user selects "Existing Folder".
    • The user browses the Documentum Repository structure (e.g., /Cabinets/Finance/Invoices).
    • Configuration Option: "Restrict navigation to this folder".
      • If Checked: The breadcrumb trail is hidden. The user is "jailed" in this folder.
      • If Unchecked: The user sees this folder but can navigate up to the Cabinet level.
  5. Publish: The page is saved.
    • Result: Any user with access to this SharePoint Page AND access to the Documentum Folder (via ACLs) can now view/edit documents.

9.5 Step 4: Teams App Deployment (Module A - Optional)

Objective: To make the App available as a Tab in Microsoft Teams.

The Artifact: A ZIP file generated by the Tomcat Server (SmartViewM365/manifests/download/teams). Note: This is a different zip file than the SharePoint one.

Deployment Workflow (Microsoft Admin):

  1. Navigate to Microsoft Teams Admin Center > Teams apps > Manage apps.
  2. Click "Upload new app" > Select the Teams .zip file.
  3. Permission Policy: Ensure the app is "Allowed" in the Global Org-Wide permission policy so users can see it in the Teams Store.

9.6 Configuration Dependency Checklist

Ensure the Microsoft Admin provides the following Output Values back to the OpenText Engineering team to complete the values.xml configuration on the Tomcat server:

  1. Application (Client) ID: (Generated during Step 9.2)
  2. Directory (Tenant) ID: (The GUID of the Azure Tenant)
  3. Client Secret: (The generated password for the App Registration)
