How do I make a Spotfire report based on SharePoint connector available to all users in my company?

[Rikard A]

Hi;

I have built a dynamic report based on Sharepoint lists and has used the Sharepoint connector. I have created a service Azure/MS365 account that has access to the Sharepoint site. This works fine when I open the report in Spotfire. I am prompted to select the service account I created and log in to access the report.

Want I want to do now is to make this report available, preferably through webplayer, to selected or all users at my company, without giving them access to the sharepoint site. What is the best way to do that? 

This is what I have tried:
- Save the connection in the library: Not sure if I have done it correctly, since the users still are asked for credentials (they don't have access to the service account) and therefore can't access the report. Is it possible to store the credentials so users don't need to log in to access the sharepoint?

Not tested:
- Enabling the Microsoft SharePoint Online Connector in Spotfire Web Clients (tibco.com) Will this allow me to save the credentials so users don't need to log in to access the sharepoint?

Spotfire 12.4
On-prem server

[David Boot-Olazabal]

Hi Rikard,

You should be able to save the credentials in the dxp file, via the Data Connection Properties:

If Sharepoint doesn't allow for that, you can create a profile (second option in the Data Source Settings window). This could also be the preferred option, if you're not allowed to save credentials in the dxp file itself.
You can find more information on this topic here: https://docs.tibco.com/pub/sfire-analyst/latest/doc/html/en-US/TIB_sfire-analyst_UsersGuide/connect/credentials_profiles_for_connectors.htm

Kind regards,

David

[Rikard A]

Thank you David,

The credential options don't exist in the Sharepoint connector. Is it possible to use SQL to connect to MS sharepoint lists? Or is it better to give all users read access to the sharepoint site? They should then get prompted to login when they access the data, and can use the two-factor auth. 

[David Boot-Olazabal]

Hi Rikard,

Yes, that is what I was afraid of. As I couldn't test it on my own laptop, I wasn't sure. But I think it has the same setup as Google Big Query, using a service account.
I know from other customers, that they used the profile option, as that was the most secure option and it can be 'included' in the connection (so no prompts for logon for end users).

You could also go for the option to grant read access to all users (and have them prompted), but from my experience the prompting will annoy end users quite a bit. Plus, you would open up the whole SharePoint site to every user, whereas if you use profiles, you could selectively grant read access to specific folders on SharePoint. The latter means a bit more work in setting up different profiles, but it's more secure (if that is an issue of course).

Kind regards,

David

[Rikard A]

The profile option looks good, but does it work for two factor auth? Or do I have to create a service account with only a password?

[David Boot-Olazabal]

Looking at the available documentation regarding profiles, it doesn't look that way: https://docs.tibco.com/pub/sfire-analyst/latest/doc/html/en-US/TIB_sfire-analyst_UsersGuide/connect/credentials_profiles_for_connectors.htm.
Also, as we have seen, the connection to SharePoint can only be using a normal connection or a stored profile: https://docs.tibco.com/pub/sfire-analyst/latest/doc/html/en-US/TIB_sfire-analyst_UsersGuide/connectors/sharepoint/sharepoint_overview.htm.

I have asked my colleagues to see whether 2FA is an option for the profiles or not (conform my thoughts).
I'll let you know as soon as possible.

Kind regards,

David

[David Boot-Olazabal]

Hi Rikard,

We're not entirely sure whether it should be possible to save the credentials on the connection or not. As you have mentioned, you couldn't do that, but maybe something went wrong.
Could you send us some screenshots of that particular issue, along with screenshots of the setup?

In any case, would you decide to use the profiles option, here is the documentation on how to do this for a SharePoint connector (the other link is the generic way to create a profile): https://docs.tibco.com/pub/sfire-analyst/14.4.0/doc/html/en-US/TIB_sfire-analyst_UsersGuide/index.htm#t=connectors%2Fsharepoint%2Fcreating_a_credentials_profile_for_microsoft_sharepoint_connections.htm

Kind regards,

David

[Rikard A]

Hi David,

I ended up using profiles, using the preference version. You create the Azure app, and then add the app credentials in the preference as in the image. Using the connector I stored in the library, everyone with access to the Azure app now can access the data in SharePoint AND has the preference set in their user group.

Thx for the help!