d.velop SaaS
- Application
  - User interfaces
  - Services (business logic, background services)
Microsoft Entra ID
- d.velop contract application objects (app registrations)
Customer Microsoft 365 tenant
- Microsoft Entra ID
  - User
  - Permissions
  - d.velop contracts enterprise applications/service principals (Enterprise apps)
- SharePoint
  - Exclusive site collection
  - Permissions
- Microsoft Graph
  - Endpoints for the user profile
  - In future for unified access to Microsoft 365 services

Interaction of the components

When working with d.velop contracts for Microsoft 365, the user only comes into contact with the provided user interface. Contract files are managed exclusively from this user interface. But because the contract files (documents and metadata) are stored in a SharePoint site collection in the Microsoft 365 tenant, the customer has full control over their data.

The user base is kept in the customer’s Microsoft Entra ID. Contract files are saved in SharePoint by the user via the d.velop contracts for Microsoft 365 user interface. To do this, a user logs on in the context of a Microsoft Entra ID app. The app provides a framework of permissions that the user cannot exceed. The user's permissions, together with the app's permission frames, represent the maximum extent of access to the data in SharePoint. SharePoint permissions are the basis for data storage and access to data.

d.velop contracts for Microsoft 365 supports the rule-based setting of permissions on contract files. Rules are configured and processed in the product, setting SharePoint permissions on all parts of a contract file.

Active Directory together with SharePoint permissions thus offer a long-proven concept for managing authentication and authorization.

Logging and monitoring

Isolation in a site collection