Nexeed Documentations
Search
Multitenant Access Control 1.33.0
  • Integration Guide
  • Core Services
    • ID Builder
      • 3.6
      • 3.5
    • Deviation Processor
      • 1.10
      • 1.9
      • 1.8
    • Multitenant Access Control
      • 1.34.0
      • 1.33.0
      • 1.32.0
    • Notification Service
      • 1.27
      • 1.26
    • Ticket Management
      • 7.17.1
      • 7.17.0
      • 7.16.0
    • Web Portal
      • 5.21
      • 5.20
    • Block Management
  • Shopfloor Management
    • Global Production Overview
      • 5.8
      • 5.7
      • 5.6
    • Shopfloor Management Essentials
  • Machine & Equipment
    • Condition Monitoring
      • 4.6.0
      • 4.5.1
      • 4.5.0
      • 4.4.1
      • 4.4.0
    • Tool Management
      • 2.9
      • 2.8
      • 2.7
    • Maintenance Management
  • Product & Quality
    • Product Setup Management
      • 3.10
      • 3.8
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
      • 3.9
      • 3.8
      • 3.7
    • Order Management
      • 5.9
      • 5.8
      • 5.7
  • Intralogistics
    • Transport- & Stockmanagement
      • 4.2.0
      • 4.0.2
  • Machine & Equipment
    • Condition Monitoring
      • 4.6.0
      • 4.5.1
      • 4.5.0
      • 4.4.1
      • 4.4.0
    • Maintenance Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • ERP Connectivity
      • 4.12.0
      • 4.11.0
      • 4.10.0
    • Data Publisher
    • Information Router
    • Master Data Management
      • 8.5.1
      • 8.5.0
      • 8.4.2
      • 8.4.1
      • 8.4.0
    • Orchestrator

Nexeed
Multitenant Access Control

    • Introduction
    • Concepts
      • Authentication
      • Authorization
      • Resources
      • Roles
      • Sharing
    • Getting started
      • Registration
      • Authentication
      • Authorization
      • Multitenancy
    • How-to
      • Get & handle tokens
      • OAuth 2.0 for Mobile and Native Apps
      • Evolve authorization in your application lifecycle
      • Use Web Core for user login
      • Handle our integration events
      • Do automated testing
      • Integrating with other environments
    • Deep dives
      • OAuth2 and its flows
      • OpenID Connect endpoints
    • Troubleshooting
    • Glossary
    • API documentations
      • HTTP API
      • Event API
  • Multitenant Access Control
  • How-to
  • Integrating with other environments
1.34.0 1.33.0 1.32.0

How to integrate with additional environments

An integration of a module with additional separate environments can be supported by the module itself explicitly or enabled to some extent by appropriate manual configuration by operators. For this section, the combination of a module, a Portal and a Multitenant Access Control is considered an environment.

This diagram depicts two environments A and B. It shows Multitenant Access Control, Portal and the Apps A and B. It also contains the respective module in Multitenant Access Control and the registrations in Portal that represent the applications.

images/cross-environment-integration

Communication of App B of environment B with App A of environment A

App B has to request tokens from environment A’s Multitenant Access Control in order to communicate with App A which is protected using environment A’s Multitenant Access Control.

Prerequisites:

  • Representation of environment B’s App B as module in Multitenant Access Control of the environment A.

  • Assignment of sufficient permissions to the module representation to use App A.

  • The module App B must be able to manage client credentials for multiple environments (A and B).

Steps:

  1. Obtain token in the environment A using the module’s credentials of its module representation in environment A.

  2. Make call to App A of the environment A.

Adding views of App B of environment B to Portal of environment A

There is an option to add arbitrary views using Portal’s user interface. But this option does neither allow the control of visibility, nor sorting into the existing menu structure. For these features an actual module registration is required, which is described in this section.

Prerequisites:

  • Representation of App B as module in the other environment A.

  • Recommended: usage of a common identity provider for single sign-on sessions. If not, log in flows may interrupt or even block the usage of the integrated views in the environment A if users are not logged into the environment B simultaneously.

Steps:

  1. Register resources at App B’s module in environment A in order to control access / visibility of the views. Those resource can be registered by operators via API using the module’s credentials or managed by the module itself using the API of environment A’s Multitenant Access Control (if supported by the module).

  2. Register module with views in the environment A’s Portal. The registration can be executed by operators via API or managed by the module itself using the API of environment A’s Portal (if supported by the module).

    • The views have to be related to one of the module’s resources available in environment A to control visibility. Permissions inside the view are still managed by resources in environment B to which the view belongs.

    • The navigation paths must be unique, so collisions with navigation paths registered in the environment’s Portal have to be avoided.

    • The module’s view must not be blocked from being integrated in environment A. Security controls like the content security policies' frame-ancestors directive have to be configured accordingly.

  3. Grant access to users or modules in environment A’s Multitenant Access Control.

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2024, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses