To get listed, your app must be certified and meet our key certification criteria.
Everyone benefits when your application runs correctly with SuperOffice CRM Online. Meeting these criteria means a better quality product, fewer customer frustrations, fewer support calls and better usability of the integrated solution.
Following the guidelines also ensures that the application follows the fundamentals that make your product distributable as a standard application in the international SuperOffice marketplace.
As a partner, you are required to supply at least one dedicated representative to the certification process.
Technical requirements for app certification
The certification test will be run in SuperOffice Operations Development (SOD) environment, and later moved into Stage before we certify it and publish it in our CRM Online environment.
We will now go through all requirements related to:
- Database access
- Provisioning/de-provisioning (deployment)
- SuperOffice scripting usage
- Localization and language support
- Graphical User Interface
- Release strategy
- SuperOffice Online API Documentation
Every section is divided into the following subsections:
- Customer benefits: The motivation for SuperOffice AS (and CRM Online partner) to focus on the specific issue
- Requirement: The requirements your product has to meet in order to be certified by SuperOffice AS
- Best practice: Useful guidelines and resources on how to meet the requirements
- Remarks: Additional info regarding the specific issue
Note: New apps presenting new questions may result in updated rules at any time.
Any code must run with SSL in your own cloud, SuperOffice AS will not host any partner application on online.superoffice.com.
If your application identity and/or application token should be lost you must notify SuperOffice Online Operations as soon as possible by sending an email to firstname.lastname@example.org. This will notify key personnel who will contact the Administrative Contact and/or Technical Contact you provided us with so we decide next step of action which may be to shut down the app/issue new keys.
Security is our top most concern, and we require the use of WatchCom to make a security audit on all new potential partners and apps. The report from WatchCom is between the partner and WatchCom, but if there are potential showstoppers WatchCom will alert the SuperOffice Partner responsible/Certification Team about this. All red flags must be fixed before the app is published as a beta.
Always keep in mind the OWASP top ten list: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- The app must be based on the Online Partner SDK, we will not host any partner DLL assembly in the websites bin directory.
- The app must use Federated Authentication and a partner is not allowed to store any user credential authentication information in their application.
- You need to specify a redirect URL.
- We also have agents with restricted access, and you will have to specify specifically if you need access to any of these endpoints. At current time these are: User, ErpSync, Replciation, Email, and Messaging. The list may change
- Use SuperID and a system user, do not send username and password
- Any endpoints in use must be registered as allowed by SuperOffice
- Provide information if this is read or read/write operations
- Authenticate with SAML or JSON, and make sure to validate the tokens you receive back from SuperOffice CRM Online.
SuperOffice AS will log who calls us and when, but we do recommend that your application also log information about who and when. We would also like to see examples of what you long and how long you keep these logs.
- If needed we may go back in time to see when and by who an operation was performed.
- Logs should be minimum kept for 3 months
- Keep logs from your applications stored for a minimum of 3 months.
SuperOffice AS and their hosting center guarantee a 99.8% percent availability, your systems need to be up and running in accordance with SLA.
- Their data is available when they need it, or they should be made aware when it will be expected available to the best of our capabilities.
- The amount of load is our biggest concern. Do not enforce so much load on the system so the system becomes unavailable for other users.
- We will be monitoring traffic and in the future implement throttling that may affect you if you do
- Provide the users with information if operations take time.
4. Database Access
The key message regarding database access is to update the database in accordance with the SuperOffice database rules. Many systems require correct information from different parts of the database in order to function correctly. Thus, failure to comply with these rules can lead to data loss and/or data inconsistency.
- Ensure that errors will not appear in the client due to wrongfully added data.
- Use the SuperOffice API’s to read/write to the database ensures data consistency.
- SuperOffice CRM Online may only be accessed through our web services. We do not allow the creation of database trigger or stored procedure.
- We do not allow the creation of new database tables (use of the SODictionarySDK), so any extra information must either be stored in the existing tables or hosted in your own cloud.
- Ensure that Sentry rules are followed. Using the web services will ensure this happens automatically, however, be aware of the different sentry possibilities (roles, user-preference and sentry plugins) and give the user feedback when sentry denies access.
- Use the ForeignKey, ForeignDevice, ForeignApp tables to store extra information. If you need more tables, they must be hosted in your cloud. PartnerAgent
- Use preferences.
- Ensure role, group, and user permissions are adhered to. Take into account sentry rights.
- Use the SuperOffice API's
5. Provisioning/de-provisioning (deployment)
The installation is the first experience your customer has with your product. Many problems with software products are traced back to incorrect installation or configuration.
- Easy and robust deployment and installation and configuration will ensure customers are given a pleasant first impression.
- You need to provide us with a list of what is provisioned for a customer when installed.
- After uninstallation, there must be no trace of your product. This means SuperOffice CRM Online has to run normally and unaffected by your product.
- The installation process must be straightforward and easy to perform.
- Do not require administrative rights when running your product.
- Make a complete uninstall feature that ensures a complete removal of your application and all settings associated with it:
- SuperOffice related (i.e. user-defined fields, web panels, buttons, and preferences).
- The app may only be provisioned by an administrator, and make sure the app will clean up all configuration data in the database upon uninstall.
- User experience does not degrade on large sites.
- All operations must finish within a reasonable amount of time.
- You may be throttled by SuperOffice and the user should not experience this as a hang.
- We will at some point introduce throttling on the system – we may introduce some boundaries/limitations pr app/partner? As it is today, we reserve the right to stop your application if it causes performance problems for all customers. You will be notified when this happens.
- Provide feedback to the user if an operation takes time, like with SuperOffice CRM Online you have the cogwheels showing that there is a background task running.
- Running reports or similar requested work may take a long time.
- It is important that navigation in the client not be slowed down.
7. SuperOffice scripting usage
Please understand that we do not [at this time] support trigger-based calls from your application when events happen in SuperOffice. You must implement a polling service that periodically checks for the latest events and then process accordingly.
8. Localization and language support
Building localization features into the basic architecture of your product is essential to effective distribution, deployment and future maintenance of your product.
- SuperOffice CRM has users all over the world. These users are used to running SuperOffice CRM in their native language.
- All parts of the system – like dialogs, messages, standard reports, import data, and document templates – must be translated for each supported language
- The product must be multi-language compatible: the application handling common data, e.g. lists according to languages coding for each supported language. List values like NO: ”Bil”, US: “Car” must be parsed and presented correctly.
- Build structures for language support.
- Support the SuperOffice core languages in category 1: http://devnet.superoffice.com/Technical/Documentation/SM/Language-support/
- Your product should follow the SuperOffice language settings.
- We recommend using a professional agency for translation. (SuperOffice AS can offer partners access to the agency SuperOffice uses.)
- This point is only relevant if your product supports more than one language.
- Your product installation program can be limited to English only.
9. Graphical User Interface
The importance of providing the same look & feel is often underestimated by programmers when integrating two different applications.
Our experience is that simple is better and less is more. However, to make it simple for the user often means (a lot) more work for the programmer.
- Following the Style Guide will ensure that the product integrates seamlessly with SuperOffice and other partner products. The product will be experienced as a member of a product family.
- GUI elements that do not have a SuperOffice CRM graphical look are permitted as long as the host application is visible outside SuperOffice CRM Online.
- The GUI of your product must adopt the graphical look from SuperOffice CRM when your app adds web-panels or other visual interface directly in the SuperOffice application.
- Either use Microsoft Windows standard looks, or copy the SuperOffice CRM looks, but don’t try to mix the two.
- Hide unnecessary details behind a MORE >> button
- Hide seldom used buttons behind a TASK menu button
- Use buttons to indicate actions
- Prefer selecting from a drop-down list to typing in a text field. Provide history or autocomplete if possible.
- Help the user; disabled fields and buttons should provide an explanatory tooltip
- Disable buttons that have no effect (i.e. disable the Save button when nothing has been changed)
- Dialogs should arrange buttons along the bottom: Task, OK, Cancel
- Avoid nesting tabs – multiple tab layers are confusing
- Avoid having different modes in the same display
- Use progressive disclosure (i.e. use tooltip to show additional information on a list item)
- Test your own software not only with SuperOffice CRM Online but also with frequently used 3rd part software
- Proper product documentation will help the user help them self.
- The add-on must have an installation guide available in at least one language if the user needs to set up something in CRM Online manually.
- If the product is supported outside Scandinavia, an English, or country-specific, version must be available
- The add-on should have a user guide available in each supported language
- On upgrade, the add-on must have a release notes document available
- Use catalog Screenshots, Presentation, Screencast, or Youtube video that we may link to from our AppStore. During provisioning, these may also be easily available for the administrator who performs the operation.
- Provide SuperOffice and the certification team with the URLs so we may set them up correctly. We will at a later stage make it possible for you to edit your own applications.
The installation guide should contain a troubleshooting section to help customer administrators/consultants cope with common issues.
11. Release strategy
- Error reporting and diagnosing faults becomes much easier.
- Any new release of your application is your responsibility to verify that it still works
- Before major upgrades of CRM Online, you will be notified and given access to a beta of our new release in our SOD updated environment. You must verify your app in this new environment
- Certification tests are only run against the latest version.
- You may continue to use web services from an earlier release until we announce EOL
- Attend beta programs
- Continuous delivery
We recommend that you also run three parallel installations:
- One against our development environment (SOD)
- One against our staging environment (Stage)
- One against our production environment (online.superoffice.com)
- These require different installation URLs and Application Identity/Application Tokens.
- Be part of the beta programs. Whenever SuperOffice Online releases a newer version we will notify you via the forums, you should sign up for email notification. Make sure you upgrade your application to use the latest version of our endpoints as soon as possible.
You do not have to synch your version number to SuperOffice.