Access to multiple PWA instances with Project tile
Scenario for a multinational company with several business entities with only 1 Office 365 tenant.
• As of now, to access any new PWA instance (different from the default PWA instance) through the Office 365 interface,
1) Tenant administrator has to create a new Custom Tile in the Company Profile in the O365 Admin Center (as described in article "Add custom tiles to the My apps page and app launcher" https://support.office.com/en-us/article/Add-custom-tiles-to-the-My-apps-page-and-app-launcher-1136115a-75af-4497-b693-640c4ce70bc6?ui=en-US&rs=en-US&ad=US and "Customising the App Launcher– Part Two–Custom Tiles" https://epmsource.com/2015/08/02/customising-the-app-launcher-part-twocustom-tiles/)
2) The end-user has to **manually** add the new tile to their App Launcher
• The default Project tile (pointing to the default PWA instance) will appear in the App Launcher as soon as you assign a Project Online license to the user. Most of the time, the end-user won’t have access to the default instance (because they are not part of the business entity associated with this instance), so having the default Project tile in the App Launcher will result in:
a. The end-user will be redirected to a Denied Permissions page, and would ask for permissions (out of curiosity or misunderstanding)
b. The default PWA instance administrators will receive a lot of permission requests
• The Custom tile (created in Office 365 Admin Portal) will be visible to the whole tenant, so every single user in the tenant will be able to pin the custom tile to their App Launcher [and maybe try to access and request permissions they are not supposed to have, which will also result in a lot of permission requests for the admins of every new PWA instance].
• The App Launcher can’t be customized in an industrial way (PowerShell scripts or otherwise), so end-users will have to perform **manual actions** to unpin the default Project tile and pin the Custom tile created for the new PWA instance.
In summary, the Office 365 interface is not mature enough today to handle multiple PWA instances, for accessibility purposes.
An expected Project tile behavior should be as follows:
- If an organization has only one PWA instance, the Project tile is pointing to the default PWA instance.
- If an organization has multiple PWA instances, the Project tile is pointing to an intermediate page which displays all PWA instances that the end-user has access to (based on the defined permissions for the Private Site Collections).
Star D. commented
The Project tile in the O365 app launcher **SHOULD** function like the SharePoint Online tile in the O365 app launcher:
It would bring up PWA sites and sort them into "followed", "frequent", "suggested" and "all", just like the SPO tile does (exactly as Marc-Antoine GOGUENHEIM is proposing for multiple instances).
I agree with the anonymous post from October 3, 2016. Our departments have some confidential projects, and just controlling access through the Project permissions is not enough; they want to keep the PWA site collection access within their department too. If we allow that and provision additional Project Web App Site collections, the tile still brings the other department users to the default PWA instance and they get a message that they don't have access.
André Stolk commented
At one of my clients, Boskalis in the Netherlands, I have configured the /PWA instance as a "landing" (intermediate is also a very good term) page for all Project Online instances (PWA_xxx) they currently use (which are 5 currently: 2 production for different divisions and 3 test & training tenants). The PWA instance contains a tile for each PWA tenant on the home page. Since they use Project Online permissions, I have disabled all features on the PWA tenant used as a landing page except the "Can Logon" permission. Only the Team Members and Administrators groups are used in the PWA tenant. Via AD sync, all Project Online users of the different divisions and tenants are synced with the Team Members group within the PWA tenant so all end-users have access to PWA but no features are available except clicking on the right tile on the PWA home page. This method provides good navigation for all Project Online users: they navigate to PWA through the Office365 menu which is always pointing to the same PWA instance, next they click on their own tile to navigate to the Project Online tenant they have access to. When they click the wrong one, the known error message "Access denied" appears. This is a very simple and scalable solution, easy to implement and also easy to extend with more upcoming PWA_xxx tenants.
Mandatory for your large customers with multiple departments which have to use Project Online independently!