Network Administrator

AgilePoint NX apps typically connect to many other external applications, such as SMTP, Database, SharePoint, Active Directory, and so on. It is critical that the networking team set up some monitoring and alerts to avoid downtime because of connectivity issue or network latency. AgilePoint installation involves opening a few ports (explained later in this document) and setting up things like SSL, fully qualified domain name (FQDN) and a network administrator would be required to make these configurations.

This user is required during installation, monitoring network connectivity alerts, and similar tasks. This role is typically fulfilled by someone from IT team who manages the rest of your network. Once the installation is complete, network administrator is required part-time as monitoring tasks do not need full-time involvement.

Permissions for Network Administrators

Network administrators do not require any specific accounts or permissions for AgilePoint NX. However, they must maintain the network infrastructure for AgilePoint NX and some connections to external systems.

Network Resources and Credentials

These network resources are critical to operation and performance in AgilePoint NX:

  • Internet connection.
  • Routers and other Internet and intranet hardware.
  • Corporate, administrator, and user accounts for external systems.

    For a full list of systems to which AgilePoint NX connects, refer to How Can I Customize and Extend AgilePoint NX?.

SharePoint Impersonator Account

One specific account the network administrator may need to maintain for AgilePoint NX is the SharePoint impersonator account. This is a "headless" account (an account that is not associated with a human user) AgilePoint NX uses to exchange data with SharePoint. By default, the SharePoint Impersonator account credentials are the same as the AgilePoint Service Account. However, AgilePoint recommends changing the user credentials for the SharePoint Impersonator after installation.

For information about how to change the SharePoint Impersonator account, refer to How Do I Change the Credentials for AgilePoint Administrator Accounts?

This table shows the permissions for the SharePoint Impersonator account.

System Permissions Notes

SharePoint

  • Member of the following groups:
    • SharePoint Farm Administrators (applies to SharePoint Farm only)
    • Site Collection Administrators
  • When AgilePoint Server is installed, by default these privileges are associated with the AgilePoint Service Account. However, for security purposes, AgilePoint recommends separating this account from the AgilePoint Service Account to create a unique SharePoint account for the AgilePoint system. This account is sometimes referred to as the SharePoint impersonator.
  • AgilePoint recognizes that adding this user to the SharePoint Site Collection Administrators group does not follow the least-privileged account best practice. If you want to make sure you are following this best practice, make sure this account has at least has Contribute rights on each SharePoint site where Lists, Document Libraries or Form Libraries are associated to an AgilePoint process.

    Usually, it's enough to add that this account to the [Site Collection Name] Members SharePoint Group. However, you must:

    • Make sure that group has Contribute rights on SharePoint.
    • Make sure inheritance is not broken on sub-sites as that might prevent that Impersonator account to access those sub-sites – it would have to be added to the Members role of each of those sub-sites that break inheritance with their parent site.