Step 1: Create an Add-In App in Azure AD
On initial stage, we have to register a new application in Azure AD, to be able to declare which rights are needed to access data when you make calls to the REST API. Those rights are declared in Azure AD through the web console.
In the web console go to Menu (1)> Azure Active Directory (2)> App registration (3)> New application registration (4).
Make sure you fill the new Apps details as follows:
The "Name" you give to the App is optional BUT the "Application type" and "Sigh-on URL" need to correspond to the above.
Step 2: Grant Permissions to the App in Azure AD
When "Created", the App will show in the list of Apps, and we will be able to assign adequate permissions to it.
Select the new App and go to Required permissions (1)> Add (2)> Select and API (3)> SharePoint (4)
This selection will assure, that you are assigning the permissions to the correct API - in this case to the SharePoint API.
Now go to Select permissions (1)> select one by one the access rights you want to give to Sapho (2) and finalize the setup by clicking Select (3) and Done (4).
Please note that Sapho needs at least the below permissions to operate:
- Have full control of all site collections
- Run search queries as a user
- Read user profiles
- Read and write user profiles
- Read managed metadata
- Read and write managed metadata
Step 3: Generate the access key
Go to Keys (1)> Fill in "Description" and "Expiration" (2)> Save (3)
When your key is generated, make sure you copy its value to a safe place, as you will NOT be able to retrieve it later and you will need it later on.
Step 4: Grant Permissions to the App in SharePoint
Once the Add-In is entirely setup in Azure, we have to set its permissions in SharePoint.
- Navigate to the SharePoint site
- Then navigate to the Grant permission page by entering the url as:
- Copy the Application ID from Azure
- Enter it in App Id textbox and click Lookup button (1). That will populate the values to other textboxes in Title, App Domain and Redirect Url
- Now Enter the below "Permission Request" in XML format (2):
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/>
- On the next page, select "Trust it"
Your setup in SharePoint in now complete.
Step 5: Setup the connector in Sapho
- URL (1)
- Client ID (2) - corresponds to the "Application ID" in Azure
- Client Secret (3) - corresponds to the "Key" created in Step 3
On the next sceen, click on "Login with your SharePoint account" (1). This will open a new window with the SharePoint login page, please login as usually. When you will be logged in successfully, you will be redirected automatically in Sapho and get a "Successfully authorized" Status. Go "Next" (2)
Finalize the connector creation as usual.