Versions Compared

Old Version 1

changes.mady.by.user Jeroen de Soeten

Saved on

compared with

New Version Current

changes.mady.by.user Jeroen de Soeten

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

The OneStream Adapter integrates with OneStream XF via the Marketplace XF. This is done by exporting the data and Metadata from OneStream via the Adapter API to make it visible in CXO.

Architecture


Configuration






Additional notes:

  • CXO OneStream Dashboard is a custom business rule loaded within the OneStream environment, which is hosted on Microsoft Azure.
  • The CXO OneStream Dashboard initiates a connection with the CXO software running within the corporate network of the client.
  • The CXO OneStream Dashboard sends both metadata and data to the CXO OneStream Adapter API.
  • All communication is sent over secure channels (HTTPS)
  • To ensure that only the CXO OneStream Dashboard is able to call the CXO OneStream Adapter API the API is protected with the OpenID-Connect protocol, using the Client Credentials scenario. This works as follows:
    • In the CXO Identity Provider a set of client credentials – client ID and client secret – is created specifically for the CXO OneStream Dashboard.
    • The credentials are configured in the CXO OneStream Dashboard.
    • The credentials are used to retrieve an access token for the CXO OneStream Adapter API. The token is valid for one hour.
    • The access token is sent along with every request to the CXO OneStream Adapter API. The API validates the token to make sure the request is coming from a trusted source.
  • To completely configure the CXO OneStream Dashboard it requires four settings:
    • Public URL to CXO Identity Provider
    • Public URL to CXO OneStream Adapter API
    • Client ID
    • Client secret




Additional notes:

  • All CXO related components should reside within the corporate network of the client, as drawn in the diagram above.
  • The Reverse Proxy running on a public webserver should expose a public URL for the CXO software so it can be called from the OneStream Cloud environment. The reverse proxy routes the requests to this URL to the internal servers in the corporate network.
  • The Firewall should be configured to limit access only from known IP addresses from the OneStream Cloud environment.