Deploying OnSite in a SaaS Environment

SaaS deployment is implemented by the Eptura technical services team. Eptura sets up cloud instances and maintains them. If you have any issues with the cloud instances, report them to the Eptura technical services team.

Components

SaaS deployments require the following:

  • The OnSite mobile app, downloaded from the Apple or Google Play app stores.

  • The Archibus SaaS Maintenance module

  • An OIDC-compliant cloud identity provider (IdP) to authenticate OnSite users. OnSite currently supports the Okta and Microsoft Azure identity providers.

Note: If your site uses single sign-on (SSO), the OIDC-configured Archibus application server that is created specifically for OnSite must run in non-SSO mode. To set this, the Archibus security.properties file must specify Archibus Security Authentication. If the Archibus OnSite app server is configured with SSO Authentication while OIDC is also configured for OnSite, you will experience errors.

Step 1: Configure an Identity Provider

The OnSite app authenticates users with a cloud identity provider (IdP) that is OpenID Connect (OIDC)-compliant. Customers must provide the cloud IdP. The app currently supports the following providers: Okta and Microsoft Azure.

Once you select a provider, you can follow the steps below to configure your IdP for OnSite and coordinate with the Eptura technical services team so that they can link your SaaS Archibus instance to your IdP.

See

Step 2: Deploy an Apollo GraphQL Server

The OnSite mobile app connects to the Archibus API using the Apollo GraphQL platform as shown in the diagram below:

OnSite mobile app <> OnSite Apollo GraphQL <> Archibus Web Central


The Eptura technical services team will configure your SaaS instance to use the Eptura Apollo GraphQL production server.

Step 3: Configure Web Central

The Eptura technical services team will configure your SaaS Archibus Web Central instance to reflect your identity provider (IdP) and the Eptura Apollo GraphQL server by updating the settings in the following files:

  • WEB-INF\config\context\applications\configservice.properties

  • WEB-INF\config\oidc.properties

Procedure

You will need to coordinate with the Eptura team and provide some key values from your cloud IdP to properly configure the Web Central settings.

  1. For the configservice.properties IdP settings, provide the clientId and issuerUrl parameters from your IdP.

    You can find these values using the instructions in:

  2. Set the oidc.properties IdP settings. Provide the audience, issuer, and jwksUrl parameters from your IdP.

    You can find these values using the instructions in:

  3. The Eptura technical services team will configure Archibus to connect to your IdP based on the parameters you provide.
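Before sending the five values to Eptura, you can check them against your IdP's OIDC discovery document. The following is an added example, not Eptura or Archibus code; it assumes that issuerUrl and issuer both refer to the IdP's issuer identifier, and the idp.example URLs and client ID are constructed placeholders.

```python
import json
from urllib.parse import urlsplit

# Constructed sample with the shape of an OIDC discovery document
# (/.well-known/openid-configuration). idp.example is a placeholder host.
DISCOVERY_JSON = """{
  "issuer": "https://idp.example/oauth2/default",
  "jwks_uri": "https://idp.example/oauth2/default/v1/keys",
  "authorization_endpoint": "https://idp.example/oauth2/default/v1/authorize"
}"""

# Parameter names as listed in the procedure above.
ALL_PARAMS = ("clientId", "issuerUrl", "audience", "issuer", "jwksUrl")
URL_PARAMS = ("issuerUrl", "issuer", "jwksUrl")


def check_handoff(values, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    vals = {name: values.get(name, "").strip() for name in ALL_PARAMS}
    problems = [f"{name}: missing" for name in ALL_PARAMS if not vals[name]]
    for name in URL_PARAMS:
        if vals[name] and urlsplit(vals[name]).scheme != "https":
            problems.append(f"{name}: not an https URL")
    # OIDC compares issuer identifiers as exact strings, so a trailing
    # slash or a different path is a mismatch and token checks will fail.
    # Assumption: issuerUrl and issuer are both the IdP issuer identifier.
    for name in ("issuerUrl", "issuer"):
        if vals[name] and vals[name] != discovery["issuer"]:
            problems.append(f"{name}: does not exactly match IdP issuer")
    # Signing keys must come from the key set the IdP itself advertises.
    if vals["jwksUrl"] and vals["jwksUrl"] != discovery["jwks_uri"]:
        problems.append("jwksUrl: does not match IdP jwks_uri")
    return problems


DISCOVERY = json.loads(DISCOVERY_JSON)
GOOD = {  # constructed values
    "clientId": "0oa-example-client-id",
    "issuerUrl": "https://idp.example/oauth2/default",
    "audience": "api://default",
    "issuer": "https://idp.example/oauth2/default",
    "jwksUrl": "https://idp.example/oauth2/default/v1/keys",
}

if __name__ == "__main__":
    for problem in check_handoff(GOOD, DISCOVERY) or ["all values consistent"]:
        print(problem)
```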

Step 4: Allow Sentry.io through the Customer’s Firewall (Optional)

If employees run OnSite on their phones behind a company firewall, it is suggested that you allow calls to the Sentry.io domain. OnSite uses Sentry to log errors that might occur during app use, which enables us to resolve potential issues more quickly. Data logged in Sentry is obfuscated and no sensitive data is stored.

Step 5: Configure the Push Notifications

To enable push notifications, configure push-notification.properties and configservice.properties, as outlined below.

push-notification.properties

Edit WEB-INF\config\push-notification.properties to provide settings for:

Property | Description | Value
pushNotification.endpoint | AWS notification endpoint URL | This is always https://onsite.prod.archibus.cloud/notification
pushNotification.endpointApiKey | AWS push notification endpoint API key | Archibus staff manages this for each customer.
pushNotification.workspaceId | OnSite workspace ID | This is the same value that you enter when signing into OnSite at your site. Eptura supplies this to your company.
pushNotification.bundleId | OnSite client bundle ID | For production, this is always com.archibus.onsite; for staging, this is always com.archibus.onsite.staging

Example:

#
# Site-configurable properties for OnSite push notification.

# The AWS push notification endpoint url
pushNotification.endpoint=https://onsite.prod.archibus.cloud/notification
# The AWS push notification endpoint API Key
pushNotification.endpointApiKey=TpTmBvlAnN1gp5vP69KAA2opoG7wNUXr6d8PRBW6
# The OnSite workspace id, for example 'onsite-release-afmusers.dev.archibus.cloud'
pushNotification.workspaceId=onsite-release-afmusers.dev.archibus.cloud
# The OnSite client bundle id, 'com.archibus.onsite' is for production, 'com.archibus.onsite.staging' is for staging test
pushNotification.bundleId=com.archibus.onsite

configservice.properties

Edit \WEB-INF\config\context\applications\configservice.properties to provide the push notification settings for the OnSite client:

Property | Description | Value
configService.onsite.notificationServiceUrl | Notification Service URL for mobile apps | This is always https://onsite.prod.archibus.cloud
configService.onsite.notificationServiceApiKey | Notification Service API key for mobile apps | Archibus staff manages this for each customer.

Example:

# Notification Service URL for mobile apps
configService.onsite.notificationServiceUrl=https://onsite.prod.archibus.cloud
# Notification Service API key for mobile apps
configService.onsite.notificationServiceApiKey=TpTmBvlAnN1gp5vP69KAA2opoG7wNUXr6d8PRBW6
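Because the API keys are sent to whatever URL these files name, it is worth checking both files against the fixed values in the tables above. The following is an added example, not Eptura or Archibus code; the key and workspace ID in the sample input are constructed placeholders, and the parser handles only simple key=value lines.

```python
# Values the tables above document as fixed.
PINNED = {
    "pushNotification.endpoint": "https://onsite.prod.archibus.cloud/notification",
    "configService.onsite.notificationServiceUrl": "https://onsite.prod.archibus.cloud",
}
BUNDLE_IDS = {"production": "com.archibus.onsite",
              "staging": "com.archibus.onsite.staging"}
REQUIRED = ("pushNotification.endpointApiKey", "pushNotification.workspaceId",
            "configService.onsite.notificationServiceApiKey")


def parse_properties(text):
    """Minimal parser: key=value lines, '#' comments, no line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def lint(push_text, config_text, environment="production"):
    """Return findings for the two files; an empty list means they pass."""
    props = {**parse_properties(push_text), **parse_properties(config_text)}
    findings = []
    # An endpoint that differs from the documented URL receives the API key.
    for key, expected in PINNED.items():
        if props.get(key) != expected:
            findings.append(f"{key}: expected {expected}, found {props.get(key)!r}")
    for key in REQUIRED:
        if not props.get(key):
            findings.append(f"{key}: missing or empty")
    if props.get("pushNotification.bundleId") != BUNDLE_IDS[environment]:
        findings.append(f"pushNotification.bundleId: expected "
                        f"{BUNDLE_IDS[environment]} for {environment}")
    return findings


# Constructed sample input; the key and workspace ID are placeholders.
GOOD_PUSH = """# push-notification.properties
pushNotification.endpoint=https://onsite.prod.archibus.cloud/notification
pushNotification.endpointApiKey=EXAMPLE-KEY-NOT-REAL
pushNotification.workspaceId=workspace.example
pushNotification.bundleId=com.archibus.onsite
"""
GOOD_CONFIG = """# configservice.properties
configService.onsite.notificationServiceUrl=https://onsite.prod.archibus.cloud
configService.onsite.notificationServiceApiKey=EXAMPLE-KEY-NOT-REAL
"""
```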