Sharepoint™ Online OAuth Integration with Scan2x
The following process assumes that a Sharepoint™ Online site is already configured. Users must exist and have the correct permissions to access the Sharepoint™ Online site. If a user cannot log on to the Sharepoint™ Online site manually, the OAuth integration with Scan2x for that particular user will definitely not work.
When this manual is completed, Sharepoint™ token information will be saved alongside the currently logged-on username within the Scan2x database. This allows the user to keep accessing the Sharepoint™ Online site without having to log on again. The token information is valid for 6 months; once it expires, the user is simply asked to re-authorize. The token information is only valid for the currently logged-on user. Other users who require access to Sharepoint™ Online in the same way will need to repeat the authorization process for their own user.
Note: the ‘Connecting from Scan2x’ section describes setting the Sharepoint™ OAuth token information for the logged-on user within the Admin Panel, shown in the Sharepoint™/Office365™ Tab. The token can then be re-used from any Scan2x job created. Only 1 Sharepoint™ site can be configured at Admin level. However, the same process can be repeated at Scan2x Job level, so different jobs can be configured to connect to different Sharepoint™ sites, shown in the Scan to Sharepoint™/Office365™ Tab. A short note on configuring a different Sharepoint™ Online site at Job level can be found at the end of this document.
Should you encounter any issues when setting the Sharepoint™ site configuration in Scan2x, kindly see the below FAQs:
• How to check if your Sharepoint™ client ID/secret is expired
• How to refresh an expired Sharepoint™ client secret
If you still require assistance, kindly contact our support email support@avantech.com.mt
Please note that, as per the following Microsoft link: Azure ACS retirement in Microsoft 365 | Microsoft Learn, Azure ACS is being retired by Microsoft and is no longer maintained. Kindly follow the Azure AD App Registration method in the section below.
Azure AD App Registration
Navigate to https://portal.azure.com and click the View button under Manage Microsoft Entra ID section.
Locate the App Registrations tab from the left-hand panel and click on it.
Click on New Registration.
Fill in the values as shown below:
• Set the “Name”: Scan2x OAuth Integration
• As Supported account types, choose one of the following:
- “Single tenant” - if you want only members of your directory to access your Sharepoint Online
- “Any Multitenant” - if you want to allow members of other organizations (invited to your organization) to access your Sharepoint Online
- “Any Multitenant and Microsoft accounts” - if you would also like to allow non-work accounts (invited to your organization) to access your Sharepoint Online.
• As the Redirect URI, choose Web from the dropdown and set the following as the value: https://oauthapi.scan2xonline.com/api/Sharepoint/SPOHandler
Once done, click on the Register button.
From the Overview section, copy the Application (Client) ID and Directory (Tenant) ID and keep them handy, as they will be required later.
From the left-hand panel, click on the Authentication tab, scroll down to the Implicit grant and hybrid flows section, tick the Access tokens (used for implicit flows) checkbox, and click the Save button.
Navigate to the Certificates and Secrets tab:
• Click on the New Client Secret button
• Name it Scan2x Secret
• Choose the longest Expiry, “24 months”
• Click the Add button
• Make sure to take a copy of the Client Secret immediately, as it will be hidden after some time. Take note of the Value (not the Secret ID), as this will be needed later.
Make a note for 2 years from now: the secret will then have to be re-created from scratch and updated again in Scan2x.
In the API permissions tab:
• Click Add a permission
• Choose Microsoft Graph.
• Click the Delegated permissions button
• Search for “Sites” in the search bar, and choose the following 2 options: Sites.Read.All and Sites.ReadWrite.All
• Click the Add permissions button.
• Click “Grant admin consent for Tenant Name”, where Tenant Name is the name of your directory, and click the Yes button.
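Before entering the three values into Scan2x, it is worth confirming that the Tenant ID, Client ID and secret Value from the steps above actually work together. The script below is an added example, not part of this manual or of Scan2x: it sends a client-credentials probe to the Microsoft identity platform token endpoint (a valid secret is accepted there regardless of the delegated permissions) and interprets the reply. The sample IDs and secret are constructed placeholders, and the AADSTS7000215/7000222 error codes are the ones Entra ID returns for an invalid and an expired secret respectively.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request

# Constructed placeholder values (not real credentials); replace them with the
# values copied from the Overview and Certificates & Secrets pages.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_SECRET = "example-secret-value"

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def build_token_request(tenant_id, client_id, client_secret):
    """Build the v2.0 token request used purely as a probe of the secret."""
    if not (GUID_RE.match(tenant_id) and GUID_RE.match(client_id)):
        raise ValueError("Tenant ID and Client ID must be the GUIDs from the Overview page")
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return url, body


def classify_token_response(response_json):
    """Map the token endpoint's JSON reply to a verdict for the Scan2x admin."""
    data = json.loads(response_json)
    if "access_token" in data:
        return "ok", f"secret accepted; token valid for {data.get('expires_in')} s"
    desc = data.get("error_description", "")
    if "AADSTS7000222" in desc:  # secret past its 24-month expiry
        return "expired", "create a new client secret and update it in Scan2x"
    if "AADSTS7000215" in desc:  # wrong string pasted (often the Secret ID)
        return "invalid", "check that the secret Value, not the Secret ID, was copied"
    return "error", desc or data.get("error", "unknown error")


def probe(tenant_id, client_id, client_secret):
    """Send the probe; Entra answers failures with HTTP 400/401 and a JSON body."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return classify_token_response(resp.read().decode())
    except urllib.error.HTTPError as e:
        return classify_token_response(e.read().decode())
```

Run `probe(TENANT_ID, CLIENT_ID, CLIENT_SECRET)` with your own values; a verdict other than "ok" means Scan2x's ‘Test Connection’ step will fail for the same reason.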
Connecting from Scan2x
Log on to Scan2x.
• Make sure to log on as a user that has Admin permissions.
• Make sure you are running the latest Scan2x version. Check for updates if you are unsure (refer to the ‘Check for Updates’ button shown below).
Please note that if the old Sharepoint™ connection method was previously used with Scan2x (Azure ACS is being retired by Microsoft; see Azure ACS retirement in Microsoft 365 | Microsoft Learn), kindly navigate to the User Settings button on the home page. Once the modal opens, navigate to the OAuth Tokens tab and delete any tokens whose AccountType has the value SHAREPOINT. This step must be done by every user on Scan2x Windows who holds a Sharepoint™ token from the old connection method. For more information, please see the following FAQ: https://help.scan2xonline.com/Faqs/topics/idh-topic50-1.htm
From the home page, click on the Admin Panel.
Navigate to the Sharepoint™ tab (refer to the ‘Admin Panel’ button shown in the image above):
• In the Server URL, insert the Sharepoint site you want to connect with (for example: https://mytenantname.sharepoint.com/sites/mysitename/).
• Leave the Username and Password fields empty
• Click on the ‘Test Connection’ button
Fill in the Tenant ID, Client ID, and Client Secret generated in the previous section and click on the ‘Retry’ button.
Log in using an Azure AD user which has permissions to Sharepoint™ Online.
If the process completes successfully, you will get a confirmation as shown below.
At Job level, simply change the Server URL to a different Sharepoint™ site; the same configuration from the Admin Panel applies. The same Tenant ID, Client ID, and Client Secret remain valid as long as the other Sharepoint™ site belongs to the same organization. If it belongs to a different organization altogether, the whole process described in this document will need to be redone, starting with the Azure AD App Registration described in the first section of this document.