Nexeed Learning Portal

How to integrate with additional environments

Integration of a module with additional, separate environments can be supported explicitly by the module itself or enabled to some extent by operators through appropriate manual configuration. In this section, an environment is the combination of a module, a Portal and a Multitenant Access Control.

This diagram depicts two environments A and B. It shows Multitenant Access Control, Portal and the Apps A and B. It also contains the respective module in Multitenant Access Control and the registrations in Portal that represent the applications.

[Diagram: cross-environment integration]

Communication of App B of environment B with App A of environment A

App B has to request tokens from environment A’s Multitenant Access Control in order to communicate with App A, which is protected by environment A’s Multitenant Access Control.

Prerequisites:

  • Representation of environment B’s App B as a module in the Multitenant Access Control of environment A.

  • Assignment of sufficient permissions to the module representation to use App A.

  • The module App B must be able to manage client credentials for multiple environments (A and B).

Steps:

  1. Obtain a token in environment A using the credentials of the module’s representation in environment A.

  2. Make the call to App A of environment A.
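
The two steps above as an added example (not code from the Nexeed documentation): a small client that keeps one credential set and one token cache slot per environment, so that a call to App A always carries a token issued in environment A. It assumes the OAuth 2.0 client credentials grant with the secret sent in the form body; the token URLs, client ids and the `stub_post` transport are constructed placeholders.

```python
import json
import time
import urllib.parse
import urllib.request
from dataclasses import dataclass

@dataclass(frozen=True)
class EnvCredentials:
    token_url: str       # placeholder: token endpoint of that environment's access control
    client_id: str       # the module's representation in that environment
    client_secret: str

def post_form(url, form):
    """Default transport: form-encoded POST, JSON response."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class MultiEnvTokenClient:
    def __init__(self, creds_by_env, post=post_form, clock=time.time):
        for env, creds in creds_by_env.items():
            if not creds.token_url.startswith("https://"):
                raise ValueError(f"{env}: token endpoint must use https")
        self._creds, self._post, self._clock = dict(creds_by_env), post, clock
        self._cache = {}  # env -> (token, expiry); one slot per environment

    def token_for(self, env):
        creds = self._creds[env]          # unknown environment -> KeyError, no fallback
        token, expiry = self._cache.get(env, (None, 0))
        if token and expiry - 30 > self._clock():
            return token                  # still valid for more than 30 seconds
        body = self._post(creds.token_url, {
            "grant_type": "client_credentials",
            "client_id": creds.client_id,
            "client_secret": creds.client_secret,
        })
        expiry = self._clock() + int(body.get("expires_in", 60))
        self._cache[env] = (body["access_token"], expiry)
        return body["access_token"]

    def headers_for(self, env):
        """Authorization header for calls to apps protected by `env`."""
        return {"Authorization": "Bearer " + self.token_for(env)}

def stub_post(url, form):
    """Constructed offline transport standing in for the token endpoints."""
    return {"access_token": f"token-for-{form['client_id']}", "expires_in": 300}
```

Passing `post=stub_post` runs the client offline; with the default transport, the secrets for each environment should come from the module's secret store rather than from source code.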

Adding views of App B of environment B to Portal of environment A

Portal’s user interface offers an option to add arbitrary views. However, this option allows neither control of visibility nor sorting into the existing menu structure. These features require an actual module registration, which is described in this section.

Prerequisites:

  • Representation of App B as a module in the other environment A.

  • Recommended: use of a common identity provider for single sign-on sessions. Otherwise, login flows may interrupt or even block the use of the integrated views in environment A if users are not simultaneously logged in to environment B.

Steps:

  1. Register resources at App B’s module in environment A in order to control access to and visibility of the views. These resources can be registered by operators via API using the module’s credentials, or managed by the module itself using the API of environment A’s Multitenant Access Control (if supported by the module).

  2. Register the module with its views in environment A’s Portal. The registration can be executed by operators via API or managed by the module itself using the API of environment A’s Portal (if supported by the module).

    • The views have to be related to one of the module’s resources available in environment A to control visibility. Permissions inside the view are still managed by resources in environment B, to which the view belongs.

    • The navigation paths must be unique, so collisions with navigation paths already registered in the environment’s Portal have to be avoided.

    • The module’s view must not be blocked from being integrated in environment A. Security controls such as the frame-ancestors directive of the Content Security Policy have to be configured accordingly.

  3. Grant access to users or modules in environment A’s Multitenant Access Control.
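
An added check, not part of the Nexeed documentation, for the frame-ancestors requirement in step 2: it reads the Content-Security-Policy header returned with App B's view and reports whether environment A's Portal origin may frame it, and whether the policy is wider than needed. The origins are constructed, the Portal is assumed to be the only ancestor frame, and origins are written as scheme://host[:port].

```python
import re

DEFAULT_PORT = {"http": "80", "https": "443"}
# [scheme://]host[:port]; host may be "*" or start with "*." (subdomain wildcard)
HOST_SRC = re.compile(r"^(?:([a-z][a-z0-9+.-]*)://)?(\*|(?:\*\.)?[a-z0-9.-]+)(?::(\d+|\*))?$")

def split_origin(origin):
    scheme, host, port = HOST_SRC.match(origin.lower()).groups()
    return scheme, host, port or DEFAULT_PORT[scheme]

def scheme_matches(src, url):
    return src == url or (src, url) == ("http", "https")   # http sources also match https

def frame_ancestors(csp):
    """Source list of the frame-ancestors directive, or None if it is absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def source_allows(source, embedder, view):
    e_scheme, e_host, e_port = split_origin(embedder)
    if source == "'self'":
        return split_origin(view) == (e_scheme, e_host, e_port)
    if source == "*":
        return True
    if re.fullmatch(r"[a-z][a-z0-9+.-]*:", source):         # scheme-source, e.g. https:
        return scheme_matches(source[:-1], e_scheme)
    m = HOST_SRC.match(source)
    if not m:                                                # 'none' or unsupported token
        return False
    scheme, host, port = m.groups()
    scheme_ok = scheme_matches(scheme or split_origin(view)[0], e_scheme)
    # "*.x" matches subdomains of x only, never x itself
    host_ok = host == "*" or (e_host.endswith(host[1:]) if host.startswith("*.") else host == e_host)
    port_ok = port in ("*", e_port) if port else e_port == DEFAULT_PORT.get(e_scheme)
    return scheme_ok and host_ok and port_ok

def audit(csp, portal_origin, view_origin):
    sources = frame_ancestors(csp)
    if sources is None:
        return "no-directive"          # this CSP does not restrict framing at all
    if not any(source_allows(s, portal_origin, view_origin) for s in sources):
        return "blocked"
    broad = any(s == "*" or s.endswith(":") for s in sources)
    return "allowed-broad" if broad else "allowed"

PORTAL_A = "https://portal.env-a.example"   # constructed: environment A's Portal
VIEW_B = "https://app-b.env-b.example"      # constructed: origin serving App B's view
```

A result of `allowed-broad` means the Portal can embed the view, but so can any other site matching `*` or the bare scheme; listing environment A's Portal origin explicitly gives `allowed`.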

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved