System architecture
Components used
d.velop contracts for Microsoft 365 is a SaaS service. SharePoint is used to store contract files (documents, metadata).
The following components play a part in this:
d.velop SaaS
    Application
        User interfaces
        Services (business logic, background services)
    Microsoft Entra ID
        d.velop contract application objects (app registrations)
Customer Microsoft 365 tenant
    Microsoft Entra ID
        User
        Permissions
        d.velop contracts enterprise applications/service principals (Enterprise apps)
    SharePoint
        Exclusive site collection
        Permissions
    Microsoft Graph
        Endpoints for the user profile
        In future for unified access to Microsoft 365 services
Interaction of the components
When working with d.velop contracts for Microsoft 365, the user only comes into contact with the provided user interface. Contract files are managed exclusively from this user interface. But because the contract files (documents and metadata) are stored in a SharePoint site collection in the Microsoft 365 tenant, the customer has full control over their data.
The user base is kept in the customer’s Microsoft Entra ID. Contract files are saved in SharePoint by the user via the d.velop contracts for Microsoft 365 user interface. To do this, a user logs on in the context of a Microsoft Entra ID app. The app provides a framework of permissions that the user cannot exceed. The user's own permissions and the app's permission framework together define the maximum extent of access to the data in SharePoint. SharePoint permissions are the basis for data storage and access to data.
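The following sketch models the access bound described above: the app's delegated grants form a frame, and the signed-in user's SharePoint permission level caps it further. It is an added example, not d.velop code. The scope names are real Microsoft Graph delegated permissions, but the page does not say which ones the product requests, and the ids, grant records and capability mapping are constructed assumptions.

```python
# Added example: constructed data, not d.velop's actual scopes or configuration.
# Capability sets are a simplified model of what each scope / permission level allows.
SCOPE_CAPS = {
    "Sites.Read.All": {"read"},
    "Sites.ReadWrite.All": {"read", "write"},
    "Sites.Manage.All": {"read", "write", "manage"},
    "Sites.FullControl.All": {"read", "write", "manage", "full_control"},
}
LEVEL_CAPS = {
    "Read": {"read"},
    "Contribute": {"read", "write"},
    "Full Control": {"read", "write", "manage", "full_control"},
}

# Constructed records shaped like Microsoft Graph oauth2PermissionGrant objects.
GRANTS = [
    {"clientId": "sp-contracts", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Sites.ReadWrite.All"},
    {"clientId": "sp-contracts", "consentType": "Principal",
     "principalId": "user-admin", "scope": "Sites.FullControl.All"},
    {"clientId": "sp-other", "consentType": "AllPrincipals",
     "principalId": None, "scope": "Sites.FullControl.All"},
]

def app_frame(grants, client_id, user_id):
    """Capabilities the app may exercise on behalf of user_id (the app's frame)."""
    caps = set()
    for g in grants:
        if g["clientId"] != client_id:
            continue  # grants to other service principals do not widen this app
        applies = g["consentType"] == "AllPrincipals" or g["principalId"] == user_id
        if applies:
            for scope in g["scope"].split():
                caps |= SCOPE_CAPS.get(scope, set())  # unmapped scopes add nothing here
    return caps

def effective_access(grants, client_id, user_id, user_level):
    """Delegated access = app frame intersected with the user's own permissions."""
    return app_frame(grants, client_id, user_id) & LEVEL_CAPS[user_level]
```

In a real tenant, the grant records to review are the delegated permission grants listed for the enterprise application's service principal, and the user side is the permission level held on the site collection.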
d.velop contracts for Microsoft 365 supports the rule-based setting of permissions on contract files. Rules are configured and processed in the product, setting SharePoint permissions on all parts of a contract file.
Active Directory, together with SharePoint permissions, thus offers a long-proven concept for managing authentication and authorization.