Verify Expected Kintone Functionality

Hello there! We are trying to validate the application flow we are aiming to develop so I will post our main goals and questions we have regarding the Kintone Implementation:

The web app (we will call it MainWebApp) will have some complexity because of the structure we have. For example:

  • Users register on our MainWebApp and they list what company/organization they belong to. The first user who registers a company is listed as the admin.

  • If a user registers and his company is already on our database at MainWebApp, the new user will be added associated as delegate user under that same company.

  • Any existing user can login to our dashboard at MainWebApp and will be able to request to be associated with any company (so, users can be associated with many companies).

  • In addition to this, we will have different member levels. Each level will have different authorization to access site resources. 

  • In addition to this, users will have a few links on their dashboard at MainWebApp which will direct the users to external sites. One of these external sites will be a custom web application built with php (will call it ExternalApp1) and the second will be Salsify (enterprise catalog system, we will call it ExternalApp2) which are both going to leverage SAML for SSO. Kintone CRM will be used as a CRM and although users will not be logging in to it from MainWebApp, we will POST updates to it to maintain customer records and as more of a log. 

  • There will be a specific set of users which will be site administrators. These users will be allowed access to the Wordpress CMS and will be able to log in to Kintone. Kintone login will only be accessible via the OneLogin landing page or directly at the Kintone site.

 

The process:

  • We will have our own login facade on MainWebApp. We are using wordpress as a CMS (and will most likely build a custom plugin for this).

  • Using our custom facade, users will type their username and password. We will use this to connect with the OneLogin API to create a session login token (which we will post using Javascript to /session_via_api_token)

  • After this, we will redirect people to a dashboard at MainWebApp. People will see links they are allowed to see. 

 

Questions:

  • Is there a straightforward method to post updates from Kintone back to one MainWebApp when customer records are updated directly on Kintone? (Such as a Hook?)

  • Our customer wants for super admin customer service staff to manage accounts using Kintone. This means, if they need to disable access to a user, they can by adding a flag on Kintone. They want this to sync with OneLogin to then revoke access to login (for example). Is this feasible? If so, what steps you recommend for this integration?

  • If a user inside MainWebApp requests to be associated with a company, our client told us we will have to do an API call to Kintone to then pass over this request. Our client said that  Kintone is capable of handling a workflow where a company main contact/admin can get an email to approve a user association using a link. Once this is done, Kintone will have to communicate back to MainWebApp to notify that the association was accepted. Is this all feasible with the platform? If not, what do you suggest?

Hello Manuel,

 

> Is there a straightforward method to post updates from Kintone back to Kintone? (Such as a Hook?)

 

With kintone, you can use Webhooks.

Using Webhooks, you can send notifications to the service you specify when editing a record on the kintone screen or with the API.

 

However, the service needs to support the JSON notifications sent from kintone.

 

If it is possible to use notifications from kintone to register updates in MainWebApp, you should achieve the desired functionality.

 

Webhooks:

https://developer.kintone.io/hc/en-us/articles/115002281807-Webhooks

 

Also, by using the kintone.proxy function that executes an external API, it is possible to execute APIs provided by external services.

 

Therefore, if you have prepared an API for posting updates in MainWebApp, you should customize your app to execute the API itself.

 

However, you will need to operate the app directly on the kintone screen to customize it.

 

Please note that it is impossible to run kintone.proxy from an external service, even if you run the API to kintone.

 

Kintone Proxy:

https://developer.kintone.io/hc/en-us/articles/213148917-kintone-Proxy

 

>Our customer wants for super admin customer service staff to manage accounts using Kintone.

>This means, if they need to disable access to a user, they can by adding a flag on Kintone.

>They want this to sync with OneLogin to then revoke access to login (for example). Is this feasible? If so, what steps you recommend for this >integration?

 

To perform single sign-on using SAML authentication, make sure that the login name set in “cybozu.com” and the NameID of the user account registered in the IdP match, and then perform the login process.

 

The OneLogin service details are unclear, but if the OneLogin service can control the log in process, you may be able to operate it as you desire.

 

For your reference, you can use the following user import API to control the use and deactivation of users registered on “cybozu.com.”

 

User API Overview:

https://developer.kintone.io/hc/en-us/articles/115008478208-User-API-Overview

 

>If a user inside MainWebApp requests to be associated with a company, our client told us we will have to do an API call to Kintone to then >pass over this request.

>Our client said that Kintone is capable of handling a workflow where a company main contact/admin can get an email to approve a user >association using a link.

>Once this is done, Kintone will have to communicate back to MainWebApp to notify that the association was accepted. Is this all feasible >with the platform? If not, what do you suggest?

 

If you want to notify the external services without operating the kintone screen, I think Webhooks would be the only option, such as the API, to operate kintone.

 

You can also use the REST API to get records at regular intervals from the MainWebApp side of the server to check for data changes.

 

Hopefully, this helps.