Connecting SharePoint Online

edit

Connecting SharePoint Online

edit

SharePoint Online by Microsoft is a cloud-based collaboration, knowledge management and storage platform for organizations of all sizes. Often used as a centralized content management system (CMS), SharePoint Online stores a wealth of information across departments and teams. The SharePoint Online connector provided with Workplace Search automatically captures, syncs and indexes the following items:

Stored Files

Including ID, File Metadata, File Content, Updated by, and timestamps

Known issues

edit
  1. When configured after November 8, 2020, the SharePoint Online connector must be connected by an Azure AD admin user. Therefore, private sources are not supported. Organization sources are supported when connected by an Azure AD admin user.

    During configuration, you register an OAuth app in Azure AD that does not have a verified publisher. After November 8, 2020, these apps can be connected by Azure AD admin users only.

Configuring the SharePoint Online Connector

edit

Configuring the SharePoint Online connector is the first step prior to connecting the SharePoint Online service to Workplace Search, and requires that you create an OAuth App from the SharePoint Online platform. To get started, first log in to SharePoint Online and access your administrative dashboard:


Step 1. Sign in to https://portal.azure.com/ and click on Azure Active Directory:

Figure 103. Connecting SharePoint

Step 2. Locate App Registrations:

Figure 104. Connecting SharePoint

Step 3. Click New Registration:

Figure 105. Connecting SharePoint

Step 4. Give your app a name - like "Workplace Search" - and make it multitenant.

Setting the app to single tenant will result in a degraded experience, and the connector will not sync content.

Leave the Redirect URIs blank for now. We will need two: one for Organizational Sources and the other for Personal Sources. We’ll add this later in the process.


Step 5. Register the application:

Figure 106. Connecting SharePoint

Step 6. Retrieve and keep the Client ID handy - we’ll need it within Workplace Search.


Step 7. Next, click the Add a Redirect URI link in the header.

Figure 107. Connecting SharePoint

Add the following two redirect URIs, substituting <WS_BASE_URL> with the base URL at which Workplace Search is hosted (scheme + host, no path).

<WS_BASE_URL>/ws/org/sources/share_point/create
<WS_BASE_URL>/ws/sources/share_point/create

Examples:

# Deployment using a custom domain name
https://www.example.com/ws/org/sources/share_point/create
https://www.example.com/ws/sources/share_point/create

# Deployment using a default Elastic Cloud domain name
https://c3397e558e404195a982cb68e84fbb42.ent-search.us-east-1.aws.found.io/ws/org/sources/share_point/create
https://c3397e558e404195a982cb68e84fbb42.ent-search.us-east-1.aws.found.io/ws/sources/share_point/create

# Unsecured local development environment
http://localhost:3002/ws/org/sources/share_point/create
http://localhost:3002/ws/sources/share_point/create

Step 7. Save the cofiguration:

Figure 108. Connecting SharePoint

Step 8. Locate the Client Secret by navigating to Certificates & Secrets:

Figure 109. Connecting SharePoint

Step 9. Pick a name for your client secret (for example, Workplace Search). Select Never as the expiration date:

Figure 110. Connecting SharePoint

Step 10. Save the Client Secret value before leaving this screen.

Figure 111. Connecting SharePoint

Step 11. We must now set up the permissions the Application will request from the Admin. Navigate to API Permissions and click Add Permission. Add delegated permissions until the list resembles the following:

User.ReadBasic.All
Group.Read.All
Directory.AccessAsUser.All
Files.Read
Files.Read.All
Sites.Read.All
offline_access
Figure 112. Connecting SharePoint

Step 12. Finally, Grant admin consent.

Use the Grant Admin Consent link from the permissions screen.


Step 13. From the Workplace Search administrative dashboard’s Sources area, locate SharePoint Online, click Configure and provide both the Client ID and Client Secret.

Voilà! The SharePoint Online connector is now configured, and ready to be used to synchronize content. In order to capture data, you must now connect a SharePoint Online instance with the adequate authentication credentials.

Connecting SharePoint Online to Workplace Search

edit

Once the SharePoint Online connector has been configured, you may connect a SharePoint Online instance to your organization.


Step 1. Head to your organization’s Workplace Search administrative dashboard, and locate the Sources tab.


Step 2. Click Add a new source.


Step 3. Select SharePoint Online in the Configured Sources list, and follow the SharePoint Online authentication flow as presented.


Step 4. Upon the successful authentication flow, you will be redirected to Workplace Search.

SharePoint Online content will now be captured and will be ready for search gradually as it is synced. Once successfully configured and connected, the SharePoint Online synchronization automatically occurs every 2 hours.

Document-level permissions

edit

You can synchronize document access permissions from SharePoint Online to Workplace Search. This will ensure the right people see the right documents.

See Document-level permissions for Microsoft.