
SharePoint Online OAuth Integration with Scan2x

 

The following process assumes that a SharePoint Online site is configured and that an Azure Active Directory (Azure AD) has been created and is readily available. Users must exist within the Azure AD and must have the correct permissions both in Azure AD and on the SharePoint Online site to be configured. The Azure AD and SharePoint Online site must be within the same organization. If a user cannot log on to the SharePoint Online site manually, the OAuth integration with Scan2x will not work for that user.

When the steps in this manual are completed, SharePoint/Azure AD token information will be saved alongside the currently logged-on username within the Scan2x database. This allows the user to keep accessing the SharePoint Online site without having to log on to Azure AD again. The token information is valid for 6 months. Once it has expired, the user will simply be asked to re-authorize. The token information is valid only for the currently logged-on user. Other users who require access to SharePoint Online in the same way will need to repeat the authorization process for their own user.

Note – The ‘Connecting from Scan2x’ section describes setting the SharePoint OAuth token information for the logged-on user within the Admin Panel, in the Sharepoint™/Office365™ Tab. The token can then be re-used from any Scan2x job created. Only 1 SharePoint site can be configured at Admin level.
However, the same process can be repeated at Scan2x Job level, in the Scan to Sharepoint™/Office365™ Tab, so different jobs can be configured to connect to different SharePoint sites.

A short note on configuring a different SharePoint Online site at Job level can be found at the end of this document.

Azure AD App Registration

Navigate to https://portal.azure.com and locate the View button under Manage Azure Active Directory.

 

Locate the App Registrations button from the left-hand side and click on it.

 

Click on ‘New Registration’.

 

Fill in the values as shown below and click on ‘Register’.

 

From the Overview section, copy the Application (client) ID and keep it handy as it will be required in the next step.

 

 

 

Navigate to the ‘Certificates and Secrets’ section.

 

Click on ‘New Client Secret’. Call it “Scan2x Secret” and set it never to expire.
Click on ‘Add’. Make sure to take a copy of the Client Secret immediately as it will be hidden after some time.
Keep the Client Secret handy as it will be required in the next section.

 

In the API permissions section, click on the Add a permission button.

 

 

Choose ‘SharePoint’ from the list.

 

 

Choose ‘Delegated permissions’.

 

Select the following permissions and click on Add permissions.

 

At this point, an Admin user should Grant Admin consent. If you do not have Admin access, ask a Global admin within your organization to do it.
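The client secret created above is set never to expire, so the app registration should be included in a periodic inventory of secrets. The following is an added example, not part of the Scan2x documentation: it classifies the entries of an app registration's `passwordCredentials` list by expiry. The sample JSON is constructed, and the 24-month and 30-day thresholds are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: an application object reduced to its passwordCredentials
# list (Microsoft Graph field names). All names, ids and dates are made up.
SAMPLE_APP_JSON = """{"passwordCredentials": [
  {"displayName": "Scan2x Secret", "keyId": "11111111-1111-1111-1111-111111111111",
   "startDateTime": "2022-01-10T09:00:00Z", "endDateTime": "2299-12-31T00:00:00Z"},
  {"displayName": "old test secret", "keyId": "22222222-2222-2222-2222-222222222222",
   "startDateTime": "2021-06-01T09:00:00.1234567Z", "endDateTime": "2022-06-01T09:00:00.1234567Z"},
  {"displayName": "rotated secret", "keyId": "33333333-3333-3333-3333-333333333333",
   "startDateTime": "2022-03-01T00:00:00Z", "endDateTime": "2022-09-01T00:00:00Z"}]}"""

MAX_LIFETIME = timedelta(days=730)  # assumed policy: flag secrets valid for more than 24 months
WARN_BEFORE = timedelta(days=30)    # assumed notice period before expiry

def parse_ts(value):
    """Parse a UTC timestamp such as 2022-06-01T09:00:00.1234567Z (fraction dropped)."""
    match = re.match(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}", value)
    if not match:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    return datetime.strptime(match.group(0), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(app, now):
    """Return (secret name, status) for every client secret on the app registration."""
    findings = []
    for cred in app.get("passwordCredentials") or []:
        name = cred.get("displayName") or cred.get("keyId", "<unnamed>")
        if not cred.get("endDateTime"):
            findings.append((name, "no-expiry"))
            continue
        end = parse_ts(cred["endDateTime"])
        start = parse_ts(cred["startDateTime"]) if cred.get("startDateTime") else now
        if end <= now:
            status = "expired"        # secret no longer works and must be replaced
        elif end - now <= WARN_BEFORE:
            status = "expiring-soon"  # create a replacement before the end date
        elif end - start > MAX_LIFETIME:
            status = "long-lived"     # effectively non-expiring: track and rotate by hand
        else:
            status = "ok"
        findings.append((name, status))
    return findings

if __name__ == "__main__":
    for name, status in audit_secrets(json.loads(SAMPLE_APP_JSON), datetime.now(timezone.utc)):
        print(f"{status:14} {name}")
```

To check the real registration, export the application object with `az ad app show --id <Application (client) ID>` and pass the parsed JSON to `audit_secrets`.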

 

 

Connecting from Scan2x

Log on to Scan2x as a user that has Admin permissions.
Make sure you are running the latest Scan2x version. Check for updates if not sure (refer to the ‘Check for updates’ button shown below).

Click on Admin Panel and navigate to SharePoint (refer to the ‘Admin Panel’ button shown above).
In the Tenant URL field, insert the SharePoint site you want to connect with. Leave the Username and Password fields empty. Then click on ‘Test Connection’.

 

 

Fill in the ClientID and ClientSecret generated in the previous section and click on ‘Retry’.

 

Log on using an Azure AD user that has permissions to SharePoint Online.

 

 

 

When the permission grant pops up, click on ‘Trust It’.

If the process completes successfully, you will get a confirmation as below.

 

At job level, simply change the Server URL to a different SharePoint site; the same configuration as within the Admin Panel applies. The same ClientID and ClientSecret will be valid if the different SharePoint site exists within the same organization.

If it is a different organization altogether, the whole process described within this document will need to be repeated, starting with the Azure AD App Registration described in the first section of this document.

 

 

 

Copyright © 2022 Avantech Software