Low Trust Deployment
This article provides an overview of the installation steps for a low trust deployment of TeamFolio as a SharePoint add-in.
Step 1: Register Low Trust Add-in
This step should be performed by you prior to deployment of the TeamFolio SharePoint add-in.
Before you can publish the TeamFolio add-in, it must first be registered with the SharePoint Online add-in management service. The TeamFolio low-trust add-in must be registered on the Microsoft SharePoint Online or SharePoint 2013 or SharePoint 2016 farm on which the add-in is to be installed. The TeamFolio low-trust add-in requires environment-specific configuration and therefore cannot be obtained through the SharePoint Store.
Registration is performed via the appregnew.aspx page in your system, as described in the following procedure. You'll find this located at:
To register the add-in:
- Go to the https://SharePoint_website/_layouts/15/appregnew.aspx page. This is the SPHostUrl field in the example table below.
- Select the ‘Generate’ buttons to generate values for the add-in Client ID and Client Secret.
- Provide the base URL of the domain where the TeamFolio MVC Web Application will be hosted. This is the Add-in Domain. Do not include the protocol (HTTPS) in the domain, but you must include the port that the remote components will use for HTTPS requests if it is not 443 (e.g. teamfolio.mycompany.com or teamfolio.mycompany.com:4444).
- Provide the redirect URL of the domain where the TeamFolio MVC Web will be hosted. Include the protocol (HTTPS) in the domain. You must also include the port that the remote components will use for HTTPS requests if it is not 443 (e.g. https://teamfolio.mycompany.com or https://teamfolio.mycompany.com:4444).
- Select ‘Create’. The information that you entered for the add-in will be displayed on the next page.
Copy and paste the registration information into your configuration documentation, which should include a table like the one below:
Property | Value |
---|---|
SPHostUrl | e.g. https://SharePoint_website/ or https://SharePoint_website/sites/XYZ |
Client ID | |
Client Secret | |
Title | |
Add-in Domain | |
Redirect Url | |
Step 2: Register Low Trust Add-in Permissions
Before you can publish the TeamFolio add-in, it must also be authorised with the SharePoint Online add-in management service.
Authorisation is done on the page https://SharePoint_website-admin/_layouts/15/appinv.aspx as described in the following procedure.
To authorise the add-in:
- Go to the https://SharePoint_website-admin/_layouts/15/appinv.aspx page.
- Enter the client id generated in step 2.1 into the Client ID and click ‘Lookup’.
- Provide the permissions xml as supplied by FidraSoft and click ‘OK’.
Step 3: Create the TeamFolio Database
This step should be performed by you prior to deployment of the TeamFolio SharePoint add-in.
The TeamFolio SharePoint add-in has been developed using Microsoft Entity Framework 6 Runtime. Using Entity Framework 6 allows the TeamFolio add-in to automatically update the target database over time to reflect the latest application schemas. Therefore, TeamFolio only requires a blank target database and a suitable connection string. On first run of the application, TeamFolio will generate the required schema in the target database and pre-populate all static data automatically.
To create a TeamFolio Azure SQL Server database (using the management tool of your choice):
- Create a new SQL Server login account for TeamFolio.
- Create a new, blank database.
- Assign the SQL Server login to the newly created database with db_owner permissions.
Please note the following details for reference in your configuration documentation that should include a table like the one below:
Property | Value |
---|---|
Server | |
Database | |
Username | |
Password* | *It is likely your organisation will have existing protocols to be followed for storing and managing passwords. |
ConnectionString | |
Step 4: Create TeamFolio Azure Web Application Service
To create the TeamFolio Azure Web Application Service:
- Use the Microsoft Azure Administration Portal to create a new Web Application Service. Please ensure that you select an appropriate Resource Group, App Service Plan and Location.
Please note the Url for reference in your configuration documentation.
Step 5: Create the Azure App Registration
This step should be performed by you prior to deployment of the TeamFolio SharePoint add-in.
Using the Azure Active Directory App Registration panel – create a new App Registration.
- Name: Choose a name that is meaningful to your organisation, e.g. ‘TeamFolio Production’
- Supported Account Types: Single Organisation
- RedirectUri: Use the url noted in step 4
- Click ‘Register’ and make a note of the Application Client Id and Directory Tenant Id in the table below:
Authentication Settings
- Under Implicit Grant – enable ‘ID Tokens’
Certificates and Secrets
- Create an appropriate client secret and make a note in the table below:
API Permissions
Add the following delegated permissions:
- Offline_access
- OpenId
- Profile
- User.Read
- User.Read.All
- User.ReadBasic.All
- User.ReadWrite
Please note the following details for reference in your configuration documentation that should include a table like the one below:
Property | Value |
---|---|
Tenant Id | |
Application Id | |
Client secret | |
Step 6: Publish the TeamFolio Web Application
To publish the MVC web application:
- Extract the MVC web application zip file into a local folder (e.g. C:\TeamFolio or C:\Temp\TeamFolio). This location will be required only temporarily.
- Copy the application configuration template files from ‘App_Data\Config\Templates’ to the parent directory ‘App_Data\Config’. The auxiliary files contain all client-specific configuration options. By segregating this configuration from the primary release package, client-specific configuration is protected from change during update operations.
- Using Azure Web Application Service Advanced Tools – copy the contents of the local folder above to the ‘/site/wwwroot/’ folder of the Web Application Service.
Step 7: Configure the TeamFolio MVC Web Application
To configure the MVC web application:
- Using Azure Application Settings – create a connection string named ‘TeamFolioDbContext’ and apply the connection string value obtained in step 2.3.
- Using Azure Application Settings – select ‘Advanced Edit’ and add the following keys to the panel:
{
"name": "aad:authority",
"value": "https://login.microsoftonline.com/{0}/v2.0",
"slotSetting": false
},
{
"name": "aad:clientId",
"value": "",
"slotSetting": false
},
{
"name": "aad:clientSecret",
"value": "",
"slotSetting": false
},
{
"name": "aad:defaultGraphScopes",
"value": "User.Read User.ReadWrite User.ReadBasic.All",
"slotSetting": false
},
{
"name": "aad:redirectUri",
"value": "",
"slotSetting": false
},
{
"name": "aad:tenant",
"value": "",
"slotSetting": false
},
{
"name": "dm:administrators",
"value": "",
"slotSetting": false
},
{
"name": "dm:databaseInitialiserTimeout",
"value": "600",
"slotSetting": false
},
{
"name": "dm:defaultLicenseDuration",
"value": "",
"slotSetting": false
},
{
"name": "dm:defaultLicenseGuid",
"value": "",
"slotSetting": false
},
{
"name": "dm:defaultLicenseName",
"value": "",
"slotSetting": false
},
{
"name": "dm:defaultLicenseUserLimit",
"value": "",
"slotSetting": false
},
{
"name": "dm:enableMultipleTenancy",
"value": "false",
"slotSetting": false
},
{
"name": "dm:licensePrivateKey",
"value": "",
"slotSetting": false
},
{
"name": "sp:clientId",
"value": "",
"slotSetting": false
},
{
"name": "sp:clientSecret",
"value": "",
"slotSetting": false
},
{
"name": "sp:clientSigningCertificateSerialNumber",
"value": "",
"slotSetting": false
},
{
"name": "sp:hostUrl",
"value": "",
"slotSetting": false
},
{
"name": "sp:issuerId",
"value": "",
"slotSetting": false
}
- Using Azure Application Settings – edit the application setting named ‘aad:clientId’ and apply the application id obtained in Step 5.
- Using Azure Application Settings – edit the application setting named ‘aad:clientSecret’ and apply the application client secret obtained in Step 5.
- Using Azure Application Settings – edit the application setting named ‘aad:redirectUri’ and apply the url obtained in Step 4.
- Using Azure Application Settings – edit the application setting named ‘aad:tenant’ and apply the tenant id obtained in Step 5.
- Using Azure Application Settings – edit the application setting named ‘sp:clientId’ and apply the Client ID value obtained in Step 1.
- Using Azure Application Settings – edit the application setting named ‘dm:administrators’ and enter the email addresses of any administrator accounts as a semi-colon ‘;’ delimited list. These accounts will always have full administrative permission within TeamFolio regardless of any group membership which might be configured within the application at a later date.
- Using Azure Application Settings – edit the application setting named ‘sp:clientSecret’ and apply the Client Secret value obtained in Step 1.
- Using Azure Application Settings – edit the application setting named ‘sp:hostUrl’ and apply the SPHostUrl value obtained in Step 1.
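A pre-deployment check for the settings above, as an added example that is not part of the original article or of FidraSoft's code. It flags hand-filled keys left empty, non-HTTPS URLs, an Add-in Domain that breaks the Step 1 format, default Graph scopes that were not granted in Step 5, and malformed ‘dm:administrators’ entries. The function name, the sample values and the assumption that the Add-in Domain and ‘aad:redirectUri’ refer to the same web application are assumptions of this example.

```python
import json
import re
from urllib.parse import urlsplit

# Delegated permissions granted in Step 5 (compared case-insensitively).
GRANTED = {"offline_access", "openid", "profile", "user.read",
           "user.read.all", "user.readbasic.all", "user.readwrite"}
# Settings that Step 7 tells you to fill in by hand.
REQUIRED = ("aad:clientId", "aad:clientSecret", "aad:redirectUri", "aad:tenant",
            "sp:clientId", "sp:clientSecret", "sp:hostUrl", "dm:administrators")
EMAIL = re.compile(r"[^@\s;]+@[^@\s;]+\.[^@\s;]+")

def check_settings(settings_json, addin_domain):
    """Return a list of problems in an Advanced Edit JSON array (hypothetical helper)."""
    cfg = {s["name"]: s["value"].strip() for s in json.loads(settings_json)}
    problems = [f"{k} is empty" for k in REQUIRED if not cfg.get(k)]
    for key in ("aad:redirectUri", "sp:hostUrl"):
        if cfg.get(key) and urlsplit(cfg[key]).scheme != "https":
            problems.append(f"{key} must be an https URL")
    # Step 1 format: no protocol, port only if not 443 (assumed same host as redirectUri).
    redirect = urlsplit(cfg.get("aad:redirectUri", ""))
    if redirect.hostname:
        expected = redirect.hostname + ("" if redirect.port in (None, 443) else f":{redirect.port}")
        if addin_domain.lower() != expected:
            problems.append(f"Add-in Domain should be {expected}")
    # Scopes requested by default must be among those granted in Step 5.
    extra = [s for s in cfg.get("aad:defaultGraphScopes", "").split()
             if s.lower() not in GRANTED]
    if extra:
        problems.append("scopes not granted in Step 5: " + " ".join(extra))
    # dm:administrators is a ';'-delimited list of email addresses.
    for addr in cfg.get("dm:administrators", "").split(";"):
        if addr.strip() and not EMAIL.fullmatch(addr.strip()):
            problems.append(f"dm:administrators entry is not an email: {addr.strip()}")
    return problems

# Constructed sample: placeholder values only, with deliberate mistakes.
SAMPLE = json.dumps([{"name": k, "value": v, "slotSetting": False} for k, v in {
    "aad:clientId": "app-id-placeholder", "aad:clientSecret": "",
    "aad:redirectUri": "https://teamfolio.mycompany.com:4444",
    "aad:tenant": "tenant-id-placeholder",
    "aad:defaultGraphScopes": "User.Read User.ReadWrite Mail.Read",
    "sp:clientId": "sp-id-placeholder", "sp:clientSecret": "placeholder",
    "sp:hostUrl": "http://SharePoint_website/",
    "dm:administrators": "admin@mycompany.com;ops"}.items()])

if __name__ == "__main__":
    print("\n".join(check_settings(SAMPLE, "teamfolio.mycompany.com")))
```

Run it against the JSON exported from ‘Advanced Edit’ before installing the add-in in Step 8; an empty list means every check passed.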
Step 8: Upload and install the SharePoint Add-in
To upload and install the SharePoint Add-in:
- Upload the TeamFolio SharePoint add-in package file to the add-in catalog.
- Install the add-in on any website within the same parent SharePoint web application that contains the add-in catalog.