Enterprises have a trove of business resources and data that are often under-utilized – users, calendars, contacts, emails, tasks, documents and other files. Often there are redundancies between what users do with Office applications and other enterprise applications, and a painful lack of integration.
In prior posts, I discussed the compelling new Office 365 development platform and introduced Matter Center to demonstrate how integrating web-based add-ins directly into Office applications like Outlook can lead to productivity gains and happy users.
In this post we’ll introduce a sample application to show a practical example of how we can use these technologies to bring enterprise applications together with these valuable resources.
Microsoft’s new unified Graph API provides a RESTful Web API for programmatic access to the wealth of resources and functionality in both Office 365 and Azure Active Directory. With this single endpoint you have a platform-independent, secure API to integrate with applications, services and workflows.
One Identity: Azure Active Directory
Azure Active Directory (AAD) is Microsoft’s “Identity as a Service (IDaaS)” solution, and it provides authentication and authorization services for Office 365. Your directory can exist entirely in the cloud or be synchronized with an on-premises Active Directory. The same Azure Active Directory credentials are used to secure all Graph API calls.
Example App: Work Item Tracker
As a simple example, let’s imagine a Work Item tracking system that lets authorized users add, update and delete work items. When a work item is created, we want it automatically assigned to a user who is available on the work item’s due date. Once assigned, the application sends an email notification to the user. We’d like the user to be able to manage work items without having to switch from Outlook to the full application.
The flow for adding a work item looks like this:
We’ll use Microsoft Azure for hosting and services, so our architecture diagram looks like this:
The architecture has these components:
- An ASP.NET Work Item app with both a Web API for REST access to work items, and an MVC controller for the UI. Both will be secured by requiring Azure Active Directory credentials.
- An Azure SQL Database to store the work items.
- An Azure Storage Queue: we don’t want to tie up the work item save operations with additional scheduling and email processing, so we’ll add an item to the queue and process it in the background.
- An associated Web Job that processes items in the queue by using the Graph API to find an available user and send an email upon assignment. This means we’ll need to configure app-only credentials in AAD for access to Office 365.
- An Outlook Add-in that allows users to manage the work item in Outlook. Its web app can be serviced by the same App Service instance as our other web.
The App and Add-in in Action
Here are a few example screen shots of the solution in action.
We can get to the home page without authentication:
When we try to view or create a work item, we are redirected to sign in with our Azure Active Directory account using the standard Microsoft login page:
After signing in, we can view, create, edit and delete work items. Let’s add a new one:
When we click the Create button, the item is saved to the database, and a task to assign the work item is added to the queue. Then our worker job picks up the item from the queue, checks user’s calendars in Office 365, and assigns the work item to an available user and sends a notification email. Here we see the new item assigned:
Now in Outlook we can see the email notification. When viewing the item, we see a link to the Work Item add-in:
If we click on the Work Item Form link, it opens our Add-in application which looks up the work item related to the email:
Let’s set the Status to In Progress, add some Notes and Save:
We can check back with the full application to confirm the changes:
We’ve just scratched the surface of what the Graph API and Office 365 Add-ins have to offer, but we’ve already realized these benefits:
- A single authentication and authorization source to secure all resources and applications using Azure Active Directory.
- Retrieving a list of users to consider for scheduling from Azure Active Directory. We could easily leverage groups in AAD for more granular management of which users should be considered.
- Automated scheduling and work assignment based on users’ calendars in Office 365.
- Securely sending email notifications to users with ease.
- Users can securely manage work items from within their email notification in Outlook. No need to switch applications.
In my next post we’ll take a look more closely at the Graph API and the implementation for this example.
Further Reading from our Office 365 Series: