SharePoint Connector

Learn about the functionality and requirements of the SharePoint connector for the Aisera platform

Overview

This guide details the setup process for integrating the SharePoint connector as a data source on the Aisera Platform.

Prepare

Before setting up the SharePoint connector, collect the following details.

Endpoint

You will need the root URI for your SharePoint tenant. This will look like <your_company>.sharepoint.com

Authorization

The Aisera Platform supports both off-premises and on-premises installations of SharePoint. Where your SharePoint is installed determines how the Aisera Platform authenticates with your SharePoint tenant.

Authorization through Azure Portal

For SharePoint Online tenants, the connector utilizes the Microsoft Graph API. Authentication credentials and configurations will be managed on the Azure Portal. You will need to take note of the following credentials:

  • Client ID

  • Tenant ID

  • Client Secret

To complete the setup for Authorization through the Azure Portal:

  1. Register an application in Microsoft Entra ID and retrieve the Tenant ID and Client ID

    To select or register a Microsoft Entra ID application, refer to Microsoft's guide on Registering an Application in Microsoft Entra ID. After choosing an existing application or completing the registration for a new one, you will be able to obtain the Tenant ID and Client ID.

  2. Create a Client Secret

    You will need to generate a Client Secret. For information on generating a Client Secret, go to Microsoft's guide on how to Add and manage application credentials in Microsoft Entra ID.

  3. Add permissions for Microsoft Graph API

    Your application will need permissions to access Microsoft Graph APIs. Information on how to add permissions can be found at Microsoft's guide to Configure app permissions for a web API. Ensure you grant the application the following permissions:

    • Sites.Read.All

    • Files.Read.All

    • Directory.Read.All

    • Group.Read.All

    If you are also looking to ingest User data, you will need to provide the following permissions:

    • User.Read.All

    • GroupMember.Read.All

Authorization through SharePoint Add-in

If your SharePoint tenant is an on-premises installation, the connector will utilize the SharePoint REST API. You will need to create a SharePoint Add-in to generate credentials and set permissions:

  1. Register a new SharePoint Add-in

    For instructions on registering a new SharePoint Add-in, see Microsoft's Register SharePoint Add-ins guide. After completing the registration of the new add-in you will be provided with the Client Id and Client Secret.

  2. Grant permissions to the add-in

    For guidance on managing add-in permissions, refer to Microsoft's Add-in Permissions in SharePoint guide. The following XML will give the add-in read access to site collections:

    <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Read"/>
    </AppPermissionRequests>

    If you want to give tenant-wide permissions, you will need to go to https://<tenant_admin>.sharepoint.com/_layouts/15/appinv.aspx and update the Permission Request XML as follows:

    <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/>
    </AppPermissionRequests>

Integration Setup

To set up the integration for the SharePoint connector:

  1. In the Aisera Admin UI navigate to Settings > Integrations

  2. Click on + New Integration

  3. In the menu, select SharePoint and click Next

  4. Enter the configuration details, then click Next

    Field        Description
    Name         The name used to identify the integration.
    Endpoint     The root URI for your SharePoint tenant. This should not contain the protocol.
    Description  A description of the integration and its purpose.

  5. Enter the credentials collected during the preparation step and click OK to save the integration

Data Source Setup

To set up the data source for the SharePoint connector:

  1. In the Aisera Admin UI navigate to Settings > Data Sources

  2. Click + New Data Source in the upper right corner

  3. Select SharePoint and click Next

  4. Enter the configuration details, then click Next

    Field        Description
    Name         The name used to identify the data source.
    Integration  The integration with the necessary authentication information for data retrieval.
    Function     Functions dictate how a data source behaves and what data is ingested into the Aisera platform.
    Schedule     This determines how often the Data Source will request new data.
    Description  A description of the integration and its purpose.

  5. If your installation of SharePoint is on premises, check On Prem

  6. All remaining configurations are optional. See the section below for additional information. Select Next until the window closes to save the data source configurations.

Optional Configurations

List Name

List name to get page items.

Site

The name of the site you want to be crawled.

Libraries

A list of library names separated by carriage returns

Use Render

If selected, HTML will be rendered through Node Renderer

Managed Path

In SharePoint, a managed path is a designated location in a web application for site collections. By default, the managed path is sites. For example, a typical URL is https://company.com/sites/, where sites is the managed path. Specify only if you have a managed path different than sites.

Folders

A list of relative folder paths to be recursively crawled. Only the specified folders in your library will be crawled. If this field is left empty the entire library will be crawled.

Post Setup Actions

Applying Granular Permissions for the Azure app

To limit the SharePoint connector to a set of sites instead of everything on the SharePoint server, you will need to configure the Sites.Selected Microsoft Graph permission. The Sites.Selected permission can be applied to the Azure application in two ways:

  1. Use a PowerShell script to assign the necessary permissions to the Aisera Azure application. This task can be performed by an authorized Azure administrator.

  2. Create a second Azure application that is used to set the permissions for the first Aisera Azure application.

Two Application Method

In the two application configuration, the Connector App serves as the main application connected to the Aisera Platform, while the Admin App is utilized to manage permissions for the Connector App. To set up the two application method:

  1. Register the Connector App in Microsoft Entra ID

    The process will follow the outline established during the preparation phase. You will need to give this application the Sites.Selected permission. This permission will need to be granted Admin Consent. You will also need the following credentials:

    • Client Id

  2. Register the Admin App in Microsoft Entra ID

    You will need to give the Sites.FullControl.All permission to the Admin App. You will need to grant Admin Consent to this permission. You will also need to gather the following credentials:

    • Tenant Id

    • Client Id

    • Client Secret

  3. Make an HTTP request to generate the access token for the Admin App.

    Method: POST

    URL: https://login.microsoftonline.com/<sharepoint_tenant_id>/oauth2/v2.0/token

    Header:

    Content-Type: application/x-www-form-urlencoded

    Body:

    grant_type: client_credentials
    scope: https://graph.microsoft.com/.default
    client_id: <adminappclientid>
    client_secret: <adminappclientsecret>

  4. Copy the Access Token received in the response

  5. Decide on the site-specific Role (Read or Write) to grant to the Connector App

  6. Get the Site Id of the SharePoint site to be assigned permissions for the Connector App.

    An easy way to get the Site Id is by viewing the page source from the browser.

  7. Make an HTTP request to grant the site role to the Connector App

    Method: POST

    URL: https://graph.microsoft.com/v1.0/sites/<site_id>/permissions

    Header:

    Content-Type: application/json
    Authorization: Bearer <access_token>

    Body:

    {
      "roles": [
        "read"
      ],
      "grantedToIdentities": [
        {
          "application": {
            "id": "<connect_app_client_id>",
            "displayName": "<connector_app_name>"
          }
        }
      ]
    }

Once you submit the request, the Connector App will connect to the designated Sites. The selected permissions will allow read access to the site as specified. Similarly, you can assign app access to additional SharePoint sites.
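
Steps 3 to 7 of the two application method as one script, using only the Python standard library. This is an added example, not Aisera's or Microsoft's code: the function names and environment variable names are assumptions, while the endpoints, headers and request bodies are the ones shown in the steps above.

```python
import json
import os
import urllib.parse
import urllib.request

LOGIN = "https://login.microsoftonline.com"
GRAPH = "https://graph.microsoft.com/v1.0"

def token_request(tenant_id, client_id, client_secret):
    """Step 3: client-credentials token request for the Admin App."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "scope": "https://graph.microsoft.com/.default",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return urllib.request.Request(f"{LOGIN}/{tenant_id}/oauth2/v2.0/token",
        data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def grant_request(access_token, site_id, connector_id, connector_name, role="read"):
    """Step 7: grant one site role to the Connector App."""
    if role not in ("read", "write"):  # step 5: the guide offers Read or Write only
        raise ValueError("role must be 'read' or 'write'")
    body = {"roles": [role], "grantedToIdentities": [
        {"application": {"id": connector_id, "displayName": connector_name}}]}
    site = urllib.parse.quote(site_id, safe=",")  # keep the ID inside one path segment
    return urllib.request.Request(f"{GRAPH}/sites/{site}/permissions",
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {access_token}"})

def send(req):
    """Send a request and decode the JSON response (raises HTTPError on 4xx/5xx)."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def grant_site_access(tenant_id, admin_id, admin_secret, site_id,
                      connector_id, connector_name, role="read"):
    """Steps 3-7 end to end; returns the permission object Graph created."""
    token = send(token_request(tenant_id, admin_id, admin_secret))["access_token"]
    return send(grant_request(token, site_id, connector_id, connector_name, role))

if __name__ == "__main__":
    # Assumed variable names; the secret comes from the environment, not argv.
    e = os.environ
    print(grant_site_access(e["SP_TENANT_ID"], e["ADMIN_CLIENT_ID"], e["ADMIN_CLIENT_SECRET"],
                            e["SP_SITE_ID"], e["CONNECTOR_CLIENT_ID"], e["CONNECTOR_NAME"]))
```

The Admin App token carries Sites.FullControl.All, so the script keeps it in memory for the single grant call and never writes it to disk or prints it.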
