Skip to main content

Sharepoint

  • Updated

Connecting to Sharepoint (for IT)

This document outlines the steps required to establish a secure connection between Wisq and your SharePoint environment. We've designed this process to be flexible and work within your organization's security requirements.

 

Steps:

  1. Create and register your Microsoft EntraID Application 
  2. Configure the correct permissions and sites to share
  3. Set up the document labeling mechanisms
  4. Finalize the connection in Wisq

Create and register your EntraID Application

Register a new app

  1. Log in as an admin to the Azure portal: https://portal.azure.com
  2. Search for ‘App registrations’
  3. Click “New registration” to register an application
    1. Name: Wisq-Sharepoint
    2. Support account types: single tenant only
    3. Redirect URL: empty
  4. Click ‘Register’

Generate a client secret for this app

  1. Under the ‘Manage’ tab, click ‘Certificates & secrets’
  2. Click ‘new client secret’
    1. Description: Wisq app
    2. Expires: Maximum time available (730 days)
  3. Click ‘Add’
  4. Copy the client secret to be shared with Wisq shortly. 

Configure the correct permissions

Setting app permissions

  1. Open the app and click the ‘Manage’ tab
  2. Click ‘API permissions’
  3. Click ‘Add a permission’. There are two permissions needed to be granted: Microsoft Graph (site access) and Office 365 Management APIs (activity tracking)
    1. Microsoft Graph:
      1. Search and click on Microsoft Graph
      2. Select ‘Application permissions’ as the type of permission to grant
      3. Search for and select ‘Sites.Selected’
      4. Search for and select ‘Group.Read.All’
      5. Click ‘Add permissions’
    2. Office 365 Management APIs
      1. Search and click on Office 365 Management APIs
      2. Select ‘Application permissions’ as the type of permission to grant
      3. Search for and select ‘ActivityFeed.Read’
      4. Click ‘Add permissions
  4. Return to your applications permissions table and select ‘Grant admin consent for [tenant name]’

Selecting the sites to share with Wisq

In order to grant the newly created Wisq-Sharepoint app access to specific sites, an app with site wide admin permissions must be used. Please assign permission Sites.FullControll.All to this admin app. You will then need a client_id and client_secret from that admin app.

Getting the access_token

  • The following curl command will return the access_token for the admin app:
    • tenant_id, client_id, client_secret 
curl --location 'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'scope=https://graph.microsoft.com/.default' --data-urlencode 'client_id={client_id}' --data-urlencode 'client_secret={client_secret}'

Getting the site_id

  • The following curl command will return the site_id using the admin app:
    • site_hostname, site_name, access_token
curl --location 'https://graph.microsoft.com/v1.0/sites/{site_hostname}:/sites/{site_name}?=' \ --header 'Authorization: {access_token}'

Granting site access

  • The following command needs to be run for each site shared with Wisq.
curl --location --request POST 'https://graph.microsoft.com/v1.0/sites/{site_id}/permissions' \
--header 'Content-Type: application/json' \
--header 'Authorization: {access_token} \
--data '{
  "roles": ["read"],              
  "grantedToIdentities": [{
    "application": {
      "id": "{wisq-app-client-id}",
      "displayName": "{wisq-app-display-name}"
    }
  }]
}'

Setting up a document labeling mechanism

After access is granted, the next step is to provide a mechanism for your HR team to select which folders, documents, or pages within each site Wisq should track. 

There are two labeling mechanisms that need to be set up: a site column and a security group.

Site columns will be used to label documents while security groups are used to label pages (.aspx files).

Creating a Site Column label

  1. Log in to Sharepoint. 
  2. Head over to the Site that is shared with Wisq.
  3. Click the ‘Document’ or ‘Pages’ tab (this may differ for your Sharepoint set up)
  4. In the table, select ‘Add column’
  5. Select ‘Yes/No’ and ‘Next’
  6. Create the column:
    1. Name: ShareWithWisq
    2. Description: Label for files shared with Wisq
    3. Type: Yes/no
    4. Default value: No 
  7. Copy the Name of the site column to be shared with Wisq shortly.

Creating a Security Group

  1. Log in as an admin to the Azure portal: https://portal.azure.com
  2. Search for Groups
  3. Click ‘New group’
    1. Group Type: Security
    2. Group name : ShareWithWisq
    3. Group description: Label for .aspx files shared with Wisq
    4. Membership Type: Assigned
    5. Owners: Add IT as the owner of the group
    6. Members: empty

Finalize the connection in Wisq

  1. Log in to Wisq
  2. Select your profile in the bottom left
  3. Click on ‘Admin console’
  4. Select ‘Configure’ on the left side panel
  5. Select ‘Integrations’
  6. Select ‘Sharepoint’
  7. Create a new connection. You will need the following:
    1. Tenant ID
    2. Client ID
    3. Client Secret
    4. Site URL(s)
    5. Site Column Name
    6. Security Group Name
    7. Security Group ID
  8. Fill out the fields and select ‘Connect’

After success, Wisq will connect and sync to the files, folders, and pages labeled with your site column and security group.