Applications can have 2 different types of interaction with tenant installations: interactive user sessions; non-interactive background services.
SuperOffice CRM Online supports both types of interactions. The first as an application user context and the second as a system user context.
Application user (interactive)
This is the typical case when a person is signed in to SuperOffice CRM Online.
- Application is interactive/reactive
- Application has UI in SuperOffice
- Users have their own sign-in credentials
- Users have their own options
Applications are not allowed to directly ask users for their credentials, and therefore must use SuperOffice federated authentication to sign SuperOffice CRM Online users into their applications.
System user (non-interactive)
All applications that run as background tasks, without user interaction, must receive a system user token and use the system-user flow for interacting with our web services. None of the OpenID Connect flows are supported.
The system user has unlimited access to the tenant and is not restricted by functional rights or data rights.
- The application runs in the background
- The application must bypass the sentry
- No UI elements in SuperOffice
- Runs as a service
See also application models terminology and the system user MVC example.