How does SharePoint Online user and tenant selection work in Confluence Cloud?

Technical Details

Every request to SharePoint Online is made in the context of the current user. To reduce login attempts, our app implements mechanisms to optimize user selection and use SSO where possible.

Besides selecting the right user, our app also supports embedding content from multiple SharePoint Online tenants on the same Confluence page.

This is especially useful when you want to access content from a tenant you have been added to as a guest. However, there are some restrictions, because the same user has to be signed in separately to each tenant and data has to be requested separately for each tenant (for example, in the edit macro dialogs you have to decide which tenant is used to get content).

Because our app is a client-side-only solution, it uses the following browser capabilities to store user- and tenant-related information on the client:

 

What is stored?

Session storage

  • the username of the current app user

  • mapping between used tenantIds and domains (to reduce requests during the session)

Local storage

  • the username of the current app user (used to reduce login attempts on new browser sessions)

  • access tokens (done by MSAL)

Cookies

  • some caching done directly by MSAL

Process of user selection

The following diagram illustrates the user selection mechanism:

 

Which tenant is selected?

Currently, the tenant is selected automatically depending on the situation in which you are using the macros. In general, every macro acts independently in terms of tenant selection, which makes it possible to have multiple macros on the same page where each macro shows content from a different tenant.

On a single macro, the tenant is selected based on the scenarios below:

Scenario → Selected tenant

  • View a document or list → The tenant where the list or document is located

  • Insert a new document or list macro → The home tenant of the current user

  • Edit an existing macro with already configured content → The tenant where the configured list or document is located

Currently, it’s not possible to switch actively between tenants while editing a macro. However, it’s likely that this feature will be implemented in the near future.
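The storage layout and the scenario table above, as an added sketch that is not the app's own code: each macro resolves its tenant independently, the domain-to-tenant mapping is cached for the session, and the stored username survives a new browser session. The storage key names, function names, the synchronous `resolveTenantId` callback and the sample URL are assumptions made for illustration.

```javascript
// Added sketch: key names, function names and sample values are hypothetical.
// Stand-in for window.sessionStorage / window.localStorage so this runs under Node.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
}

const USER_KEY = 'example.username';        // hypothetical key
const TENANT_MAP_KEY = 'example.tenantMap'; // hypothetical key

// Username: session storage first, then local storage (which survives a new
// browser session). null means no hint exists and the user has to sign in.
function usernameHint(session, local) {
  const name = session.getItem(USER_KEY) ?? local.getItem(USER_KEY);
  if (name !== null) session.setItem(USER_KEY, name);
  return name;
}

// domain -> tenantId mapping cached in session storage. resolveTenantId stands
// for whatever request the app makes (assumed synchronous here for brevity).
function tenantIdForDomain(session, domain, resolveTenantId) {
  const map = JSON.parse(session.getItem(TENANT_MAP_KEY) ?? '{}');
  const host = domain.toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(map, host)) {
    map[host] = resolveTenantId(host);
    session.setItem(TENANT_MAP_KEY, JSON.stringify(map));
  }
  return map[host];
}

// Scenario table: configured content (view, edit) -> tenant where it is
// located; no content yet (insert) -> home tenant of the current user.
function selectTenant(macro, homeTenantId, session, resolveTenantId) {
  if (!macro.contentUrl) return homeTenantId;
  const host = new URL(macro.contentUrl).hostname;
  return tenantIdForDomain(session, host, resolveTenantId);
}

// Constructed sample: one page, three macros, two tenants.
function demo() {
  const session = new MemoryStorage();
  let lookups = 0;
  const resolve = (host) => { lookups += 1; return `tenant-of-${host}`; };
  const guestDoc = { contentUrl: 'https://partner.sharepoint.example/sites/a/doc.docx' };
  const macros = [guestDoc, {}, guestDoc]; // view, insert, edit
  const selected = macros.map((m) => selectTenant(m, 'tenant-home', session, resolve));
  return { selected, lookups };
}
```

In `demo()`, the second macro on the guest tenant reuses the cached mapping, so only one lookup is made for the whole page.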
