
Unifying Big Data: The SaaS Management Platform (SMP) Solution

The One Point SaaS management platform is pivotal in the unified ecosystem of the company's applications and services, facilitating the convergence of Microsoft organizational users and the company's Big Data. Presently, this project prioritizes authentication and authorization of users linked to the company's business, along with identity management and secure intercommunication between the identity provider and authorization services.

Project background

Our client, a proficient Azure enterprise specializing in client support, consulting, and cost management, manages a diverse range of requests from clients seeking tailored reports. At the heart of their operations lies the One Point SaaS management platform, an essential component within their ecosystem of applications and services. 

Designed to integrate Microsoft organizational users with the company’s vast Big Data resources, the platform is the pivotal tool for authentication, authorization, and secure communication. However, despite their Azure expertise and strategic focus on Big Data solutions, our client lacks the in-house capacity to build it themselves. 

With limited in-house development expertise, they need help creating custom solutions tailored to individual client needs. Integration into existing systems poses further hurdles, hindering the seamless incorporation of Big Data solutions into client workflows. Consequently, the inability to customize solutions leaves our client with a one-size-fits-all approach that falls short of meeting the unique requirements of their clientele.

To address these challenges, our proposed solution aims to enhance our client’s company’s development capabilities while optimizing their Big Data solutions for maximum effectiveness. By leveraging our expertise in software development and Big Data integration, we will collaborate closely with our client to overcome their current limitations and unlock new opportunities for growth.

  • Duration: September 2023 - Ongoing
  • Location: Europe
  • Industry: Big Data Analysis Consulting

Business needs

The One Point SaaS management platform project is structured around four primary business objectives:

01

Establishing a centralized repository of information for clients: This consolidation of data will enhance our position as a leading Cloud Service Provider (CSP) partner in the market and increase our attractiveness to potential stakeholders.

02

Enabling business initiatives and opportunities for users of various Microsoft organizations.

03

Improving user experience.

04

Reducing support and maintenance costs by modernizing technology.

Despite our client’s focus on Big Data solutions, their lack of development experience presents significant challenges:

– Limited In-House Development Expertise: The absence of development experience inhibits the company’s ability to create customized solutions tailored to specific client needs.

– Integration Challenges: Integrating Big Data solutions into existing systems or workflows is complex without a strong development background, making seamless integration with clients’ infrastructure a struggle.

– Inability to Customize Solutions: Customization is vital in Big Data projects to meet unique business requirements. However, the company’s lack of development expertise limits their ability to tailor solutions, resulting in a one-size-fits-all approach that may not fully meet clients’ specific needs.

Product features

– Manage all user identities in a single B2C tenant.

– User identities are multi-tenant Microsoft accounts.

– Provide a convenient B2C authorization model in which a single user account, identified by its email address, signs in through the OpenID Connect authentication protocol.

– Use the email address (the user principal name) as the user identifier. It must be a valid, deliverable address that the user controls, since it is the key that access decisions are made on.

– Do not store passwords or any sensitive account information on the B2C side.

– The account authentication flow and details such as branding, Multi-Factor Authentication (MFA) scenarios, etc., should entirely depend on the user’s organization rules.

– Support web client applications.

– Automatic enrichment of user information during sign-in.

– Access Control shall be independent of the user’s parent organization. For example, a user from one organization should be able to access resources of the customer organization if proper access rights are granted.

– Ability to authorize against the company’s CRM (Salesforce) through an intermediate store, extending the current user’s identity token with application-specific claims.

– Ability for User Management (edit/extend information about the user).

– Integration with a new Microsoft Power Pages application: embedding the customer-provided Power BI widget in the Power Pages application.

Solution

We joined this project in its initial stages. As of today, our developers use the latest technology stack for the following: 

User Authentication:

An HTTP-triggered Azure Function verifies whether an incoming account is allowed to access the application. The access criteria are defined by the customer’s Salesforce data. The function does not call the Salesforce API directly: it reads an intermediate Cosmos DB store that a Logic App populates from Salesforce. This avoids the network latency and availability coupling of a synchronous Salesforce call and lets the check rely on Cosmos DB’s SLA (the 99.999% availability figure applies to multi-region accounts; a single-region account is covered by a 99.99% SLA). The trade-off is that the store is only as current as the last synchronization, so an access revocation in Salesforce takes effect only after the next sync run; the sync interval therefore bounds the revocation delay and should be chosen with that in mind.

Microsoft Power Pages Application:

After successful authentication and authorization, users are redirected to the Microsoft Power Pages application. Microsoft Power Apps is Microsoft’s low-code platform for building applications; when the customer’s environment needs contributions from external organizations and users, the Power Platform component Power Pages comes into play. It hosts the customer’s self-service solution for external organizations. 

Two pages are expected:

– Welcome Page: This page allows any default content for anonymous users.

– User-Specific Page: This page is accessible for authenticated users and includes the rendering of an embedded Power BI component.

Power BI Embedded Component Integration

As a starting point, the Power BI embedded component is placed on the home page of the Microsoft Power Pages web application. Implementing the Power BI component itself is outside the development scope; the company provides it in advance as a set of HTML, JavaScript, and configuration layers. We assume the component accepts the current user’s organization name as a parameter for rendering organization-specific data. The user identifier and organization are taken from the JWT identity token, and they should be read only after the token’s signature, issuer, audience, and lifetime have been validated. If the organization name were only a parameter supplied by the browser, a user could alter it; the data scoping therefore has to be enforced on the server side as well, for example through Power BI row-level security bound to the embed token.

Integrations 

– Logic Apps – CRM (Salesforce) to Cosmos DB users synchronization component; 

– CRM (Salesforce) – company’s CRM instance in cloud; 

– Power BI – parameterized embedded component provided by the company side.

Common Solution architecture

Authentication for the One Point SaaS management platform utilizes a federated architecture. In this structure, the central B2C identity provider serves as a gateway to the upstream Azure Active Directory. The upstream identity provider handles the actual authentication of users while adhering to the security rules of the account organization.

Cloud components scheme   

The picture below displays the main and auxiliary infrastructure components that will be configured during the development process. It’s important to note that components such as Power BI, Salesforce, and Logic Apps for CosmosDB population will be provided by the customer, while everything else will be created by the developer.

Our technology stack

  • AAD  
  • B2C    
  • Azure Function  
  • Hosted Service Plan  
  • Cosmos DB  
  • App Configuration  
  • Key Vault  
  • Microsoft Power Pages
  • Application Insights   
  • Managed identity 
  • B2C API Key Header  
  • Azure Storage Account
  • Resource groups 
  • Azure DevOps  

A service connection registered in the customer’s AAD tenant links Azure DevOps to the Azure subscription, so that pipelines can deploy the components above.

Client values

01
Operational Efficiency

The federated architecture, with the central B2C identity provider acting as a gateway to Azure Active Directory, results in a unified and simplified authentication process. This consolidation reduces complexity and enhances operational efficiency.

02
Reduced costs associated with managing multiple identity providers.

By trusting only one identity provider (B2C), the SaaS management platform avoids the overhead and costs associated with managing multiple identity providers. This leads to cost savings in terms of maintenance and administration.

03
Easy adaptability to changes in upstream identity providers.

The architecture is flexible: because applications trust only B2C, changes in the upstream identity providers can be absorbed in the B2C configuration without modifying the applications themselves. This agility lets the organization evolve its identity infrastructure and add new functionality over time.

04
Improved security with centralized logging and auditing.

The single point of authentication flow enhances security by providing a centralized location for logging and auditing of all authentication activities. This not only improves security measures but also ensures compliance with regulatory requirements.

05
Delegation of Security Responsibilities

The B2C platform can be extended with authorization steps, and for authorization purposes, the CRM (Salesforce) platform is utilized through intermediate storage. This delegation of security responsibilities to Microsoft Azure B2C and CRM (Salesforce) systems ensures a focused and specialized approach to security.

06
User Management Simplification

With only one place for user management (B2C), the SaaS management platform simplifies user administration processes. This centralization reduces the chances of errors and enhances the overall user management experience.
