/
How does SharePoint Online user and tenant selection work in Confluence Cloud?

How does SharePoint Online user and tenant selection work in Confluence Cloud?

Technical Details

Every request to SharePoint Online is done in the context of the current user. To reduce login attempts, our app has implemented mechanisms to optimize user selection and use SSO if possible.

Besides selecting the right user our app also supports embedding content from multiple SharePoint Online tenants on the same Confluence page.

This is useful, especially in scenarios where you want to access content from a tenant you are added to as a guest. However, there are some restrictions due to the fact that you have to sign in the same user separately into each tenant and data has to be requested separately for each tenant (for example in the edit macro dialogs you have to decide which tenant shall be used to get content from).

Because our app is a Client-Side-Only solution we are using the following browser capabilities to store user and tenant-related information on the client:

 

What is stored?

 

What is stored?

Session storage

  • the username of the current app user

  • mapping between used tenant's IDS and domains (to reduce requests during the session)

Local storage

  • the username of the current app user (used to reduce login attempts on new browser sessions)

  • access tokens (done by MSAL)

Cookies

  • some caching is done directly by MSAL

Process of user selection

The following diagram illustrates the user selection mechanism:

 

Which tenant is selected?

Currently, the tenant is selected automatically depending on the situation in which you are using the macros. In general, every macro acts independently in terms of tenant selection making it possible to have multiple macros on the same page where each macro can be used to show content from a different tenant.

On a single macro, the tenant is selected based on the scenarios below:

Scenario

Selected tenant

Scenario

Selected tenant

View a document or list

The tenant where the list or document is located

Insert a new document or list macro

The home tenant of the current user

Edit an existing macro with already configured content

The tenant where the configured list or document is located

Currently, it’s not possible to switch actively between tenants while editing a macro. However, it’s likely that this feature will be implemented in the near future.

Related Articles

High Level Architecture

App Permissions