Sharepoint™ Online OAuth Integration with Scan2x
The following process assumes that a Sharepoint™ Online site is configured, and that an Azure Active Directory (Azure AD) has been created and is readily available. Users must exist within the Azure AD and must have the correct permissions both in Azure AD and in the Sharepoint™ Online site to be configured. The Azure AD and Sharepoint™ Online site must be within the same organization. If a user cannot log on to the Sharepoint™ Online site manually, the OAuth integration with Scan2x for that particular user will definitely not work.
When the steps in this manual are completed, Sharepoint™/Azure AD token information will be saved alongside the currently logged-on username within the Scan2x database. This will allow this user to continuously access the Sharepoint™ Online site without having to log on to Azure AD again. The token information will be valid for 6 months. Once expired, the user will simply be asked to re-authorize. This token information will only be valid for the currently logged-on user. Other users that require access to Sharepoint™ Online in the same way will need to repeat the authorization process for their user.
Note – The ‘Connecting from Scan2x’ section describes the setting of the Sharepoint™ OAuth token information for the logged-on user within the Admin Panel, shown in the Sharepoint™/Office365™ Tab. This means that the token can then be re-used from any Scan2x job created. Only 1 Sharepoint™ site can be configured at an Admin level.
However, the same process described can be repeated at Scan2x Job level. Different jobs can be configured to connect to different Sharepoint™ sites, shown in the Scan to Sharepoint™/Office365™ Tab.
A short note regarding Sharepoint™ Online configuration to a different Sharepoint™ Online site at Job level can be found at the end of this document.
Azure AD App Registration
Take note of your Sharepoint™ site: https://mytenantname.sharepoint.com/sites/mysitename/
Access this page and you will be redirected to the screen (as seen in the image below): https://mytenantname.sharepoint.com/sites/mysitename/_layouts/15/appregnew.aspx
Click 'Generate' to create a Client Id - please take note of this as you will need to use this later in the process.
Click 'Generate' to create a Client Secret - please take note of this as you will need to use this later in the process.
Set "Scan2x OAuth Integration" as the Title
Specify 'oauthapi.scan2xonline.com' as the App Domain - it should not have 'https://' included.
Specify 'https://oauthapi.scan2xonline.com/SPHandler' as the Redirect URL
Once completed, a screen will appear confirming the creation of the App Identifier.
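The values entered on the registration page can be checked before they are submitted. The script below is an added example, not part of Scan2x or of the original manual; its function names are hypothetical, and the rule that the Redirect URL host must equal the App Domain is an assumption drawn from the values given above.

```python
from urllib.parse import urlsplit

# Values from this manual; the site URL is the manual's placeholder tenant and site.
SITE_URL = "https://mytenantname.sharepoint.com/sites/mysitename/"
APP_DOMAIN = "oauthapi.scan2xonline.com"
REDIRECT_URL = "https://oauthapi.scan2xonline.com/SPHandler"


def appregnew_url(site_url):
    """Build the address of the app registration page for a site URL."""
    return site_url.strip().rstrip("/") + "/_layouts/15/appregnew.aspx"


def check_registration(site_url, app_domain, redirect_url):
    """Return a list of problems with the values; an empty list means OK."""
    problems = []
    site = urlsplit(site_url.strip())
    if site.scheme != "https" or not site.hostname:
        problems.append("Site URL must be a full https:// address")
    domain = app_domain.strip()
    if "://" in domain or "/" in domain:
        problems.append("App Domain must be a bare host name, "
                        "without 'https://' or a path")
    redirect = urlsplit(redirect_url.strip())
    if redirect.scheme != "https":
        problems.append("Redirect URL must start with https://")
    # Assumption of this example: the Redirect URL host equals the App Domain,
    # as it does for the values given in the manual.
    bare = domain.split("://")[-1].split("/")[0].lower()
    if (redirect.hostname or "") != bare:
        problems.append("Redirect URL host does not match the App Domain")
    return problems


if __name__ == "__main__":
    print("Register at:", appregnew_url(SITE_URL))
    for problem in check_registration(SITE_URL, APP_DOMAIN, REDIRECT_URL):
        print("PROBLEM:", problem)
```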
Connecting from Scan2x
Log on to Scan2x. Make sure to log on as a user that has Admin permissions.
Make sure you are running the latest Scan2x version.
Check for updates if not sure (refer to the ‘Check for updates’ button shown below).
Click on Admin Panel and navigate to the Sharepoint™ tab (refer to the ‘Admin Panel’ button shown in the image above).
In the Server URL field, insert the Sharepoint™ site you want to connect with (for example: https://mytenantname.sharepoint.com/sites/mysitename/).
Leave the Username and Password fields empty and click on ‘Test Connection’.
Fill in the ClientID and ClientSecret generated in the previous section and click on ‘Retry’.
Log on using an Azure AD user that has permissions to Sharepoint™ Online.
When the permission grant pops up, click on ‘Trust It’.
If the process completes successfully, you will get a confirmation as below.
At a job level, simply change the Server URL to a different Sharepoint™ site and the same configuration within the Admin Panel applies. The same ClientID and ClientSecret will be valid if the different Sharepoint™ site exists within the same organization.
If it is a different organization altogether, the whole process described within this document will need to be redone, starting with the Azure AD App Registration described in the first section of this document.