Low Trust Overview
TeamFolio is a provider-hosted add-in for Microsoft SharePoint. For the purposes of this document, it is assumed that the provider-hosted add-in will be deployed as a low-trust add-in.
A low-trust add-in is a provider-hosted SharePoint Add-in that is installed to either to Microsoft SharePoint Online or an on-premises SharePoint 2013, SharePoint 2016 or SharePoint 2019 farm that has been configured to use the customer’s Office 365 tenancy to establish trust with Azure ACS. The customer must have an Office 365 tenancy to install SharePoint Add-ins that use the low-trust system. However, it is not necessary for the customer to use the tenancy for any other purpose.
TeamFolio can be deployed to on-premise SharePoint 2013 and SharePoint 2016 farms as a high-trust add-in. This topic is covered in a separate document.
In SharePoint, the OAuth authentication and authorization flow for a provider-hosted, low-trust, add-in involves a series of interactions among your add-in, SharePoint, the authorization server, and the browser at runtime. The authorization server in this scenario is Microsoft Azure Access Control Service (ACS).
The remote web application of a high-trust SharePoint Add-in is separate from SharePoint, and not part of the SharePoint farm or SharePoint Online tenancy. It can be hosted in the cloud or on an on-premises server.
SharePoint provider hosted, low trust add-in The following diagram illustrates the communication flow in a low-trust configuration between the web browser (Client) and the SharePoint add-in:
TeamFolio™ Components in low trust
The following diagram illustrates the TeamFolio components (light purple) which must be installed and configured to provision the application in a low trust configuration:
Article Scope & Objectives This document provides a high-level overview of the installation process and outlines the prerequisite information which will be required for deploying the TeamFolio add-in to your SharePoint environment using a low-trust configuration.
This document does not provide information on configuration of the supporting systems: e.g. SQL Server, SharePoint, Active Directory or appropriate network connectivity between these systems.
Assumptions It is assumed that people deploying this SharePoint add-in will be familiar with your organization’s IT infrastructure, policies and configuration management processes regarding such a deployment.
It is also assumed that appropriate privacy and security measures already exist, and these measures will be applied to the TeamFolio deployment.
It is assumed the reader and those deploying the TeamFolio SharePoint Add-in will be familiar with SharePoint administration for Microsoft SharePoint Online or an on-premises SharePoint 2013 or SharePoint 2016 farm deployment and that add-in support for SharePoint has already been provisioned.
System Requirements
Hardware Requirements
Recommended Azure SQL Server
| Purpose | Recommended Minimum Specification |
|---|---|
| Trial | Basic Tier |
| Test | Standard Tier Minimum |
| Production | Standard Tier Minimum |
Recommended SharePoint Server Online
- Not applicable
Recommended SharePoint Server 2016 Hybrid Single Server Role
| Property | Value |
|---|---|
| CPU | 64-bit, 4 cores, 2.0 GHz or faster |
| RAM | 16GB |
| HDD | 80GB System Drive, 100GB Second Drive |
Recommended TeamFolio™ Web Azure Application Service
- Assign to appropriate App Service Plan and Pricing Tier for your requirements
Software Requirements
It is assumed that the following software is already pre-installed and configured:
- On-Premises SharePoint (version 2013 or later) environment hybrid mode including add-in support OR Microsoft SharePoint Online including add-in support.
- Microsoft Azure SQL Server.
- Microsoft Azure Web Application Service to host the DiscoverMe remote web application.
In accordance with Microsoft best practice, it is not recommended to install provider-hosted add-ins to your SharePoint environment infrastructure.