When the customer clicks I approve, it should automatically set up your application. This is accomplished by a tenant administrator user installing the application and interacting with its provisioning routines:
- The user successfully signs into SuperID, is then forward to the application's installation pages, and the application begins to use the administrative credentials it received from SuperID to access and set up the tenant via the APIs.
- The application creates whatever it needs to exist and function inside SuperOffice (such as web panels, buttons, lists, and list items).
Provisioning a partner application may involve configuration or settings in both SuperOffice and the other partner service depending on what the application actually does.
Automatic or manual provisioning?
Provisioning must be as automatic as possible. In some cases, it can include manual instructions with the intent of automating this later.
For example, if the application requires new web panels in the SuperOffice solution, it should ideally create the web panels for the customer during provisioning. The alternative is for the customer to manually follow a set of instructions for how to create these themselves, which will open up for errors.
Benefits of automation
Automating provisioning improves the customer's experience and is more scalable.
If and when you include instructions, make sure they are as clear and failproof as possible (simple recipes that non-technical people can follow).
If you don't offer automatic provisioning from day 1, be prepared to do so soon after.
Risk when provisioning manually
Manual provisioning might introduce potential errors. You also run the risk of the customer never getting the application going.
During the provisioning of your application, the customer's administrator must authorize the application. This is done to secure each customer tenant in the online environment, and it is a requirement, not optional.
Only a tenant user with administrator rights is allowed to approve online applications, both for standard and custom application types.
The tenant administrative user must sign in to SuperID and approve the application to establish an authorization record between the application and the tenant. If this option is unavailable to you, a strict hand-shake flow must be implemented.
The SuperOffice Operation Center stores information about when the application was authorized and which user clicked I approve.
Is consent a one-time action?
No. The application must be approved in each environment.
Some changes will require the customer's administrator to re-approve the application before it gets access to the database after the change.
Re-approval is mandatory when:
- your application initially runs in the application user context and you want to run as the system user
- you want to add Webhooks to an existing application
- you want to add database mirroring to an existing application
During approval, the customer's administrator should accept the following change if prompted:
from: sentry prevents a user from seeing what they should see
to: full access to everything in a customer database