Note: In TIBCO Cloud™ Spotfire® environments, you cannot use the Microsoft SharePoint Online connector in the Spotfire web clients.
To be able access SharePoint Online data in the Spotfire web clients (for user roles such as Spotfire Business Author and Consumer), you must configure your web player services to access SharePoint through your own registered application in Microsoft Azure.
This is required because in on-premises Spotfire environments the Spotfire web clients cannot make use of the Spotfire app in Microsoft Azure to access data from SharePoint Online.
Note: Spotfire installed clients use the Spotfire app in Microsoft Azure by default. If you want to change that, configure the preference settings instead.
Prerequisites
You need a registered app in Microsoft Azure.
Configuring your app in Microsoft Azure
Redirect URIs
Add the following address for your Spotfire Server as a Web Redirect URI:
https://<spotfire_server>/spotfire/wp/oauth2/code
Application (client) ID, client secret, and tenant ID
Collect the following information from your registered app in Microsoft Azure:
The application (client) ID
A client secret (you might have to create a new one and note it down)
The tenant ID (if you want to use single-tenant authentication)
Single-tenant and multi-tenant authentication
You can choose if you want to use single-tenant or multi-tenant authentication when fetching the token for your registered app. Make sure that under Supported account types, your app is configured as single-tenant or multi-tenant (accessible to accounts in any Azure AD directory), depending on which authentication you want to use. For more information about tenancy, see Tenancy in Azure Active Directory in the Microsoft documentation.
Note: If you configured your app as single-tenant, you must also configure your tenant ID. You can do this either in the web client service configurations or in the Preferences in the Administration Manager.
Configuring the Spotfire web clients
Add the application (client) ID and the client secret to the web client service configurations for your web clients. If you want to use single-tenant authentication, you must also add the tenant ID. You add these settings in the config file Spotfire.Dxp.Worker.Host.exe.config.
On the computer that runs Spotfire Server, export the service configuration you want to edit. See the instructions in the topic Manually editing the service configuration files, in the Spotfire Server and Environment Installation and Administration Manual for your version of Spotfire.
In the file Spotfire.Dxp.Worker.Host.exe.config,
locate or add the setting Spotfire.Dxp.Data.Adapters.MicrosoftCommon.Properties.Settings:
<Spotfire.Dxp.Data.Adapters.MicrosoftCommon.Properties.Settings>
<setting name="ClientSecret" serializeAs="String">
<value>Your client secret</value>
</setting>
<setting name="ClientId" serializeAs="String">
<value>Your application (client)
ID</value>
</setting>
</Spotfire.Dxp.Data.Adapters.MicrosoftCommon.Properties.Settings>
Add your application
(client) ID and your client secret
in the settings ClientId and ClientSecret
respectively.
Single-tenant authentication
If you want to use single-tenant authentication, also add your tenant ID to TenantId
in Spotfire.Dxp.Data.Adapters.MicrosoftCommon.Properties.Settings:
<setting name=”TenantId” serializeAs=”String”>
<value>Your tenant ID</value>
</setting>
Your tenant ID could either be a GUID or
the domain name of the tenant.
Note: The default value of this setting
is common and the multi-tenant approach.
Save your changes. Then import the service configuration, by following the instructions in the Spotfire Server and Environment Installation and Administration manual.
Note: If you have multiple service configurations that you use for different web player services, make sure to add these settings in all relevant service configurations. Remember that it is not possible to edit the default service configuration.
Preferences in Administration Manager
A different option for entering the application (client) ID, client secret, and tenant ID (if applicable) in Spotfire is to use the Azure AD preferences in Spotfire Administration Manager. With the preferences you can configure, per Spotfire user group, what Microsoft Azure registered app Spotfire uses in connections to SharePoint Online.
The preferences are available under Connectors > Azure AD Authentication:
ClientID
ClientSecret
TenantID (if you want to use single-tenant authentication)
The preferences are also in effect when you use Spotfire installed clients.
Important: If you have configured both the service configuration and the user group preferences for the logged in user, the preferences take precedence.
Note: If you haven't set the tenant ID in either the service configurations, or the preferences in the Administration Manager, you will automatically use the multi-tenant approach.
Settings for the installed client in your app in Microsoft Azure
If you use the preferences, you must change additional settings in your registered app in Microsoft Azure so that you can use the Spotfire installed client.
Add Mobile
and desktop applications as a platform in your registered app
in Microsoft Azure. In the platform add the following additional Redirect URI:
http://localhost
Make sure that your app in Microsoft Azure is not registered as a public client.