Best Practices for SharePoint Integration
Below is the basic combination you can use for AgilePoint BPMS and SharePoint. You can use as many different user accounts as you like for the different components, but we recommend using a separate user account for the SharePoint Application Pool only, and not using this user account anywhere else (not even as SharePoint Site Collection Administrator/Owner). This is because SharePoint sees the Application Pool user account as the SharePoint System Account, and grants very low privileges to this SharePoint System Account when it accesses SharePoint (e.g., when accessing the SharePoint Object Model), even though SharePoint may let this SharePoint System Account log in to the SharePoint page explicitly.
For a domain environment, the user accounts need to have enough privileges to access resources across the domain (via setSPN).
We recommend that you add the AgilePoint System User to the local machine Administrator Group and IIS_WPG if you want to use Windows Authentication for the AgilePoint database.
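One way to check the first recommendation on an existing farm, as an added example that is not part of the original page or of AgilePoint's own tooling. It assumes an on-premises farm, the SharePoint Management Shell, and that claims-encoded logins end with the plain `DOMAIN\user` name after the last `|`; the helper `ConvertTo-PlainLogin` is a hypothetical name.

```powershell
# Added example: report site collections where an application pool identity
# (or the System Account it is shown as) is an owner or administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function ConvertTo-PlainLogin {
    param([string]$Login)
    # Assumption: claims logins look like "i:0#.w|DOMAIN\user"; keep the last part.
    if ([string]::IsNullOrEmpty($Login)) { return $null }
    return ($Login -split '\|')[-1].ToLowerInvariant()
}

# Identity of every web application's application pool, keyed by plain login.
$poolAccounts = @{}
foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
    $name = ConvertTo-PlainLogin $wa.ApplicationPool.Username
    if ($name) { $poolAccounts[$name] = $wa.ApplicationPool.Name }
}
# SharePoint lists the application pool identity as the System Account.
$poolAccounts['sharepoint\system'] = '(System Account)'

$findings = foreach ($site in Get-SPSite -Limit All) {
    try {
        $candidates = @()
        if ($site.Owner) {
            $candidates += [pscustomobject]@{ Role = 'Owner'; Login = $site.Owner.LoginName }
        }
        if ($site.SecondaryContact) {
            $candidates += [pscustomobject]@{ Role = 'SecondaryOwner'; Login = $site.SecondaryContact.LoginName }
        }
        foreach ($u in $site.RootWeb.SiteAdministrators) {
            $candidates += [pscustomobject]@{ Role = 'SiteCollectionAdmin'; Login = $u.LoginName }
        }
        foreach ($c in $candidates) {
            $plain = ConvertTo-PlainLogin $c.Login
            if ($plain -and $poolAccounts.ContainsKey($plain)) {
                [pscustomobject]@{ Site = $site.Url; Role = $c.Role
                                   Account = $plain; AppPool = $poolAccounts[$plain] }
            }
        }
    } finally { $site.Dispose() }   # release the SPSite object after each pass
}

if ($findings) { $findings | Sort-Object Site, Role -Unique | Format-Table -AutoSize }
else { 'No application pool account is a site collection owner or administrator.' }
```

Any row in the output is a site collection whose owner or administrator should be moved to a separate account.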
Basic Combination: