Accessing Apps in CafeX

TABLE OF CONTENTS

• One App, Many Users
• User Authentication
• Designing Workspaces Within an App
• Workspace Creation Service
• Public Apps
• App-Level Authentication

This article provides a high-level overview of the different ways users can access Apps in CafeX. 

Many of these concepts are documented in detail across the Knowledge Base. The purpose of this article is to provide a single, high-level guide that helps understand the available access models and navigate to the relevant documentation.

A CafeX App can be designed to support different user access patterns, depending on who is using the App and the data and operations it needs to support. The sections below describe the most common approaches.

One App, Many Users

In this model, a single CafeX App is accessed by multiple users using a Workspace. Users interact with the App within the context of that Workspace, which determines their access to data and functionality through assigned permissions. 

Typically, the CafeX platform prompts users to authenticate when accessing the App. Once authentication is successful, the App loads and the user’s permissions derived from the Workspace are applied.

To learn more, see:

• Understanding CafeX Apps
• Understanding App Permissions

User Authentication

Authentication determines who can access an App and how users are identified.

CafeX supports authenticated access to Apps, so that the platform can identify users before they interact with App functionality or data. User authentication is commonly used to:

• Identify the user accessing the App
• Associate the user with roles, permissions, and Workspaces
• Support auditing and access control

Authentication configuration is covered in:

• Signing in to CafeX
• Enabling App Authentication in Your App
• Setting Up SAML

Designing Workspaces Within an App

CafeX Workspaces function as containers within an App, designed to store and organize content, configuration, and access for specific groups or activities. Each Workspace belongs to a single App, allowing for the effective organization of content. 

Workspaces commonly control access to workspace-level resources. However, Apps may also interact with external data sources, which may use their own authentication mechanisms. For information on configuring authentication for external data sources, see Set Up the Authentication Data Source.

By organizing content into separate Workspaces, you can ensure that different teams or activities within the same App are managed effectively.

Common patterns include:

• One Workspace per App: All users share the same context and can access the same workspace resources.
• One App, multiple Workspaces: Each customer, team, or project has its own isolated Workspace.

To understand workspace behavior and configuration, see:

• CafeX Workspaces
• Setting up a Workspace
• Workspace Fields
• Managing Workspaces
  
   

Workspace Creation Service

The Workspace Creation Service provides an alternative approach to creating Workspaces in CafeX. Instead of relying solely on manual or administrative setup, this service allows Workspaces to be created through an authenticated URL when required. Typically, users must authenticate in order to use the Workspace Creation Service URL.

The URL accepts parameters that are passed to the App during Workspace creation. This makes it possible to control initial Workspace context and configuration at the time the Workspace is created.

Related documentation:

• Creating a workspace through Workspace Creation Service

Public Apps

Some CafeX Apps are designed to be accessed without user authentication to CafeX. 

To make an App publicly accessible, you must enable public access in the App configuration. To enable public access:

1. In the Explorer section, click App.
2. In the Appearance and Configuration panel, open the Configuration tab.
3. Under General settings, enable the Allow public access toggle.

Public access can only be enabled if the App contains a single custom view. You may include multiple views of other types (for example, Grid views), but only one custom view is allowed when public access is enabled.

When public access is enabled, users can open the App without authenticating to CafeX. Depending on configuration, App-level authentication may still apply.

The public App can be accessed using a URL in the following format:

{https://app.cafex.com}/a/{appId}/t/{workspaceId}/v

The appId and workspaceId values are available in the App URL and can be copied directly from it.

App-Level Authentication

App-level authentication requires users to sign in before accessing the App. This prevents unauthenticated users from interacting with App functionality or data.

App-level authentication is enabled using the Enable app auth toggle in the App configuration. When enabled, CafeX uses a dedicated authentication data source to handle the App’s authentication flow.

App-level authentication is commonly used in combination with permissions and Workspace-based access controls.

Related articles:

• Enabling App Authentication in Your App
• Understanding App Permissions