Advantages of Using Microsoft Authentication and Integration on the RIVER Platform • River

Bartuğ Sevindik

In the age of digitalization, the need to optimize business processes and increase efficiency is increasing day by day. At this point, RIVER, Turkey’s leading No-Code Application Development Platform, is not only an application development tool, but it also offers a powerful solution for companies that want to modernize their business processes. In this article, we will examine the Microsoft Graph API integration on the RIVER platform and the advantages of this integration in detail. Immediately afterwards, we will better understand the integration process on the RIVER platform by discussing the Microsoft Authentication Library (MSAL) library and the use of this library with JavaScript.

Benefits of River and Microsoft Integration

Microsoft Graph API is a library that allows users and applications to securely access Microsoft cloud services. This integration brings the various advantages offered by the RIVER platform with it. Here are the main advantages of Microsoft Graph API:

Security: Microsoft Graph API securely manages authentication processes of its users. It increases the security level with features such as receiving mobile confirmation and double-factor authentication.
Authorization: RIVER platform allows access to applications with certain authorizations using the capabilities provided by the Microsoft Graph API. With this, the user is allowed to access only certain operations.
Speed and Easy to Use: Through Microsoft Graph API integration, RIVER platform provides users with access to many Microsoft applications with a single login. This provides users with a fast and easy experience.

RIVER platform performs effective integration by taking advantage of the security, authorization and fast access advantages offered by Microsoft Graph API. In this way, users can access Microsoft cloud services safely and quickly via RIVER platform.

Login with Microsoft Mail

First of all, when users log in to the River platform, they can log in not only with the e-mail password combination defined for them, but also with their Microsoft accounts.

Using Microsoft Graph on the RIVER platform, users can log in securely through their Microsoft accounts. This makes the platform easy to access, with a single click.

E-mail Integration

The security and authorization features offered by Microsoft Graph make it possible to send and receive e-mail on the RIVER platform with not only a secure but also a user-friendly experience. Thanks to this integration, our users can easily use the extensive features provided by Microsoft Outlook within the RIVER platform.

Receiving and Sending Mail: Microsoft Graph allows users to receive and send emails with Microsoft Outlook integration on the RIVER platform. Users can easily perform these actions within the platform, which allows them to manage their business processes more effectively.
File Transfer: With the e-mail integration, file transfers can be done securely on the RIVER platform. Users can share and receive their files directly via email.
Search and Filtering: Microsoft Graph provides convenience to users with search and filtering features in e-mail integration. Users can quickly access the information they want within the large data set.
Send Permission Control: Users can control permissions to send emails to specific people thanks to Microsoft Graph’s authorization features. This allows sensitive information to be shared securely.

Task Tracking

RIVER platform makes task tracking more effective and user-friendly through to integration with Microsoft. The features offered by this integration are as follows:

Automated Tasks: The task tracking system integrated with Microsoft allows users to add automatic tasks without having to add them manually. This allows business processes to be automated.
Team Permission Distribution: Microsoft integration enables good permission distribution within the team for task tracking. Users can manage their access rights to specific tasks or projects.
File, Comment, and Process Link: Users can link files, comments, and processes to tasks. This allows task tracking to be done in a more meaningful and holistic way.
Kanban Boards and Gantt Charts : With Microsoft integration, task tracking is supported with visual tools such as kanban boards and Gantt charts. This allows users to better plan and track business processes.

Power BI Integration

RIVER platform uses Microsoft integration to increase access to Power BI reports and make them easier to use. The advantages of this integration are:

Access Without Re-Logging: Power BI reports can be used within the RIVER platform without re-logging by the Microsoft Graph integration. Users are able to quickly review and analyze reports.
Use in River Widgets: Power BI reports can be directly integrated within the freshly developed River widgets. With this, users can access reports in a faster and more user-friendly way.

These integrations, combined with the security and speed benefits offered by Microsoft Graph, make the RIVER platform more effective and user-centric. By integrating with Microsoft’s applications such as Outlook, Teams and Power BI, it becomes possible to optimize business processes and increase efficiency.

Azure Service and Project Creation

Azure is a cloud-based service provider and includes a variety of services. In this section, we will focus on how to create a project from the Azure portal and its basic rights.

Creating a Project via Azure Portal

Creating a new project via the Azure portal is quite simple. Here are the basic steps:

Log in to the Azure portal.
Click “Create a resource” from the menu on the left.
Find the “Web App” option from the “Web + Mobile” category.
Create a project by filling in the required information.

Purposes and Use of Azure Project

An Azure project provides an infrastructure for hosting an application or a service on the cloud. Here are the main purposes of the Azure service:

Cloud Based Services: Azure allows you to host your applications and databases on the cloud. This provides easy access to resources and scalability.
High Security: Azure protects your data with advanced security measures. It has security features such as authentication, access control and data encryption.
Scalability: Azure offers the ability to increase or decrease resources based on your needs. In this way, it is possible to optimize the performance of your applications.
Compatibility with Different Programming Languages: Azure supports various programming languages. It can host applications written in languages such as .NET, Java, Python, Node.js.

Basic Powers of the Azure Project

Basic benefits specified when creating an Azure project typically include:

Resource Group: Used to group the resources that contain your project.
Application Type: You can choose different application types such as Web App, Mobile App.
Data Center Region: Possibility to choose the geographical region where your project will be hosted.
Database: Ability to integrate Azure databases as needed.

These permissions determine the overall configuration and usage of the project. The Azure project provides developers with a powerful cloud infrastructure, making their applications more secure and scalable.

After this stage, we can move on to API Services, which is one of the services provided by Azure, and ensure integration with the RIVER platform by creating an API service via Azure.

Microsoft Graph API Usage

Microsoft Graph API is a library that allows users and applications to securely access Microsoft cloud services. This library offers great advantages to application developers by simplifying authentication and authorization processes. To use Microsoft Graph, we first need to make use of Azure services.

Authentication Transactions:

Authentication by using Microsoft Graph is generally performed to manage a user’s authentication processes and provide secure access. Let’s examine the Microsoft Graph integration with C# codes below:

Example above allows a user to obtain an access token with Microsoft Graph. This process allows a client to be securely authorized with credentials. The “Your_Client_Id”, “Your_Tenant_Id” and “Your_Client_Secret” sections in the code must be replaced with the information of your own application.

Access Token and Response JSON:

Access token is used to provide access to API services. For example, for the task tracking feature integrated with Microsoft on the RIVER platform, one can acces the Microsoft Graph API with this token. The access token verifies that the client is authorized by using it in API request headers.

Response JSON example:

Access token, “access_token” alanındaki uzun bir karakter dizisi olarak döner. Bu token, API isteği yaparken kullanılır ve istemcinin belirli bir süre boyunca yetkilendirildiğini doğrular. “expires_in” alanı, tokenin geçerlilik süresini saniye cinsinden belirtir. Access token, güvenlik katsayısını artırırken, kullanıcının belirli API hizmetlerine yetkilendirilmiş bir şekilde erişim sağlar. Bu sayede, RIVER platformu üzerindeki görev takibi gibi Microsoft ile entegre özellikler daha güvenli bir şekilde kullanılabilir.

Microsoft Graph çalışma mantığı için ilgili linke bakmanızı tavsiye ederim:
https://learn.microsoft.com/en-us/graph/auth-v2-user?tabs=http https://learn.microsoft.com/en-us/graph/traverse-the-graph?tabs=http

Microsoft Authentication Library (MSAL) Kullanımı (JavaScript)

Microsoft Authentication Library (MSAL), kullanıcıların ve uygulamaların Microsoft bulut hizmetlerine güvenli bir şekilde erişmelerini sağlayan bir kütüphanedir. MSAL, özellikle JavaScript ile uygulama geliştirenler için kullanıcı kimlik doğrulama işlemlerini kolaylaştırır. İşte MSAL kütüphanesinin JavaScript’te kullanımına dair örnek bir kod:

In the example JavaScript code above, a user’s authentication process is managed using the MSAL library and an access token is received after successful authentication. The “Your_Client_Id”, “Your_Tenant_Id”, and “Your_Redirect_Uri” sections in the code should be replaced with one’s own application information.

These examples contain basic information explaining the use of the Microsoft Graph API and the MSAL library. You can expand these examples and adapt them to user-specific scenarios according to your needs.

I recommend you to inspect this link for the working logic of the MSAL library:

https://github.com/AzureAD/microsoft-authentication-library-for-js

Request a Demo

Open Consent	Consent on a specific issue, based on information and freely explained and given.
Anonymization	Making the data previously associated with a person impossible to associate with an identified or identifiable natural person under any circumstances, even by matching with other data.
Employee Candidate	Real persons who do not work for the company but have the status of employee candidate.
Personal Data	Any information relating to an identified or identifiable natural person.
Data Subject	The natural person whose personal data is processed.
Processing of Personal Data	Any operation performed on personal data such as obtaining, recording, storing, preserving, modifying, reorganizing, disclosing, transferring, taking over, making
	available, classifying or preventing the use of personal data by fully or partially automatic means or by non-automatic means provided that it is part of any data recording system.
Law	Law No. 6698 on the Protection of Personal Data (LPPD) published in the Official Gazette dated April 7, 2016 and numbered 29677.
Special Categories of Personal Data	Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, clothing, membership of associations, foundations or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
Policy	Policy on Processing and Protection of Personal Data of the Firm / Company……
Company/Firm	The Firm ……………… the Company………………
Data Processor	A natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller.
Data Controller	The person who determines the purposes and means of processing personal data and manages the place where the data is kept systematically.
Data Recording System	It is a recording system where personal data is structured and processed according to certain criteria.
Business Partners	Persons with whom the Company has established a partnership within the scope of contractual relations within the framework of its commercial activities.

Data Subject Categories	Description
Customers	It refers to real persons who benefit from the products and services offered by the Company and real persons who show interest in the products and services offered by the Company and have the potential to become customers.
Employee	Company Shareholder, Company official, Group Company Employee/Shareholder/Authorized Persons/Members of the Board of Directors White collar, blue collar, Former Employee/Retired, Employee Candidate, Active Intern, Intern Candidate
3rd Persons
Potential Customers	Refers to real persons who show interest in the products and services offered by the Company and have the potential to become customers.
Employee Candidates	Refers to real persons who apply for a job by sending a CV to the Company or by other methods.
Visitors	Refers to people who visit the Company for any reason.
Third Parties	It refers to real persons other than the employees of the Company as well as the categories of data subjects mentioned above.

Data Category	Description
Identity information	Information contained in documents such as driver’s license, identity card, residence card, passport, lawyer ID, marriage certificate.
Contact info	Information used to contact the person (e.g. e-mail address, phone number, cell phone number, address).
Location information	Information that enables the location of the data subject to be determined (e.g. location information obtained when driving).
Customer information	Information about customers who benefit from our products and services (e.g. customer number, occupation, etc.).

Customer transaction information	Information on all kinds of transactions made by customers who benefit from our products and services.
Physical space security knowledge	Personal data related to records and documents such as camera recordings, fingerprint records taken at the entrance to the physical space, during the stay in the physical space.
Transaction security knowledge	Personal data processed to ensure technical, administrative, legal and commercial security while conducting the Company’s commercial activities.
Financial information	Personal data processed regarding information, documents and records showing all kinds of financial results created according to the type of legal relationship established by the Company with the personal data subject.
Employee candidate information	Personal data processed in relation to individuals who have applied to become an employee of the Company or who have been evaluated as employee candidates in line with human resources needs in accordance with commercial practices and honesty rules or who are in a working relationship with the Company.
Legal process and compliance knowledge	Personal data processed within the scope of determination, follow-up and fulfillment of the Company’s legal receivables and rights, and compliance with its legal obligations and company policies.
Audit and inspection knowledge	Personal data processed within the scope of the Company’s legal obligations and compliance with company policies.
Special categories of data	Data on race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, appearance and dress, membership of associations, foundations or trade
	unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data.
Marketing knowledge	Personal data processed for the marketing of the products and services offered by the Company by customizing them in line with the usage habits, tastes and needs of the personal data subject, and the reports and evaluations created as a result of these processing results.
Knowledge of request/complaint management	Personal data regarding the receipt and evaluation of any request or complaint addressed to the Company.
Knowledge of reputation management	Information collected for the purpose of protecting the Company’s commercial reputation and information about the evaluation reports and actions taken.
Knowledge of incident management	Personal data processed in order to take the necessary legal, technical and administrative measures against the events that develop in order to protect the commercial rights and interests of the Company and the rights and interests of its customers.

Persons to whom data can be transferred	Definition	Objective
Business Partner	Parties with which the Company establishes a business partnership while conducting its commercial activities	Sharing of personal data limited to the purpose of ensuring the fulfillment of the purposes for which the business partnership was established
Shareholders	Shareholders who are authorized to design the strategies and audit activities regarding the Company’s commercial activities in accordance with the provisions of the relevant legislation	Sharing of personal data limited to the design of strategies regarding the commercial activities of the Company and for audit purposes
Company Authorities	Board members and other authorized persons	Sharing of personal data limited to the design of strategies regarding the commercial activities of the Company, ensuring its management at the highest level and for audit purposes
Legally Authorized Public Institutions and Organizations	Public institutions and organizations legally authorized to receive information and documents from the Company	Sharing personal data limited to the purpose of requesting information by the relevant public institutions and organizations
Legally Authorized Private Law Persons	Private law persons legally authorized to receive information and documents from the Company	Sharing data limited to the purpose requested by the relevant private law persons within their legal authority

Benefits of River and Microsoft Integration

Login with Microsoft Mail

E-mail Integration

Task Tracking

Power BI Integration

Azure Service and Project Creation

Creating a Project via Azure Portal

Purposes and Use of Azure Project

Basic Powers of the Azure Project

Microsoft Graph API Usage

Microsoft Authentication Library (MSAL) Kullanımı (JavaScript)

1. Introduction

1.1 Purpose of the Policy

1.2 Scope

1.3 Definitions

1.4 Entry into Force of the Policy

2. Information on Personal Data Processing Activities Conducted by the Company

2.1 Data Subjects

2.2 Purposes of Processing Personal Data

2.2.1 Carrying out the necessary work by the relevant units and executing business processes to ensure that the relevant people benefit from the products and services offered by the Company:

2.2.2 Planning and execution of company human resources policies and processes:

2.2.3 Carrying out the necessary work by the relevant business units for the realization of the commercial activities carried out by the company and carrying out the related business processes:

2.2.4 Planning and execution of the activities necessary to recommend and promote the products and services offered by the company to the relevant persons by customizing them according to their tastes, usage habits and needs:

2.2.5 Planning and execution of the Company’s commercial and/or business strategies:

2.2.6 Ensuring the legal, technical and commercial business security of the Company and the relevant persons who have a business relationship with the Company:

2.3 Categories of Personal Data

3. Principles and Conditions Regarding the Processing of Personal Data

3.1 Principles Regarding the Processing of Personal Data

3.1.1 Processing of Data in Compliance with the Law and Rules of Good Faith

3.1.2 Ensuring that Personal Data is Accurate and Updated When Necessary

3.1.3 Processing of Data for Specific, Explicit and Legitimate Purposes

3.1.4 Retention of Data for the Period Stipulated in the Relevant Legislation or Required for the Purpose for which they are Processed

3.2 Conditions Regarding the Processing of Personal Data

3.2.1 Explicit consent of the personal data subject

3.2.2 Personal data processing activities being explicitly prescribed by law

3.2.3 Failure to obtain the explicit consent of the person due to actual impossibility

3.2.4 The personal data being directly related to the establishment or performance of a contract

3.2.5 Fulfillment of legal obligations by the Company

3.2.6 Publicization of personal data of the data subject

3.2.7 Data processing being mandatory for the establishment or protection of a right

3.2.8 Data processing being mandatory for the legitimate interest of the Company

3.3 Processing of Special Categories of Personal Data

4. Transfer of Personal Data

4.1 Transfer of personal data to domestic third parties

4.2 Transfer of personal data to third parties abroad

4.3 Third parties to whom personal data are transferred and the purposes of transfer

5. Rights of the Data Subject and Exercise of Related Rights

5.1 Rights of the personal data subject:

5.2 Cases where the personal data subject cannot assert his/her rights:

6. Deletion, Destruction, Anonymization of Personal Data

Contact Us