Solution Architecture
Technical Infrastructure
The OneList Server is containerised and is deployed to Microsoft Azure Kubernetes Services for resilience and scalability.
The OneList Server exposes an Adapter API that is consumed either directly (for System Adapter Integration, e.g. SAP) or through an integration platform. IQX adapters are delivered using Azure integration services. Customers and 3rd parties are able to deploy their integration platform of choice.
OneList supports the OpenID authentication protocol, which enables customers to leverage Azure AD, Microsoft ADFS, Google, SAP and other common identity management platforms.
All OneList clients consume the same client API to ensure consistency of task presentation and processing across environments.
The OneList Server leverages Azure SQL services for persistence of configuration settings, authorisation profiles, process metadata for analytics and the active task cache.
The technical environment below is replicated for Dev and Production purposes.
Figure 19 – OneList Deployment Architecture
OneList Server
The OneList Server is the core component of the OneList solution. It is responsible for connecting to each of the source workflow systems using the respective adapters, and for exposing the task details and available actions via the OneList Gateway Service. Actions processed via the Web or native mobile apps are routed through the OneList Server to update the source systems.
OneList Web App
This is the default user-interface for accessing OneList. This web app can be accessed using both desktop and mobile browsers.
OneList Outlook App
This is an Outlook add-in that renders OneList conveniently in a panel in a Microsoft Outlook client. A task count is presented so that users can open the panel only when outstanding tasks appear.
OneList iOS/Android/Windows Mobile Apps
These are native applications for iOS, Android and Windows devices. These apps provide rich user-interaction and offline processing capability. In the absence of an in-house Mobile Application Management framework, the mobile apps can be downloaded directly from the corresponding App Stores.
User Authentication
OneList can be configured for single sign-on with your corporate Identity Management System, e.g. Azure AD or on-premises ADFS. The following diagram shows how OneList interacts with Azure AD for user authentication.
User browses to the OneList URL.
OneList redirects the browser to the Azure log in page (if the user is not already signed in).
The browser navigates to the Azure log in page. The user completes the Azure sign in process including MFA if required.
Azure redirects the browser back to the OneList URL with the Azure authentication token, e.g. SAML.
The browser navigates to the OneList URL with the Azure authentication token.
OneList validates the Azure token and, if the user is authorized to access the page, then responds with the requested page.
SAP Task Approval
When a task is approved using the OneList Web App or Mobile App, the approval request is recorded in OneList. The OneList SAP Adapter then retrieves the approval request and triggers the execution of the action in the workflow. The execution is performed inside SAP as a background job using the approver's SAP User ID, which enforces the SAP security and authorisation model on the transaction. The user must therefore have all the required authorisations in SAP for approving the workflow task and the associated business object.