Summary

This article describes the configuration steps required in within Microsoft to allow SharePoint access from InfoBurst. Please consult your Microsoft administrators to determine the required authentication method and then complete the steps described in this article. 


Authentication Methods

There are three methods of Azure AD authentication. Consult your Azure AD administrator to determine which method is required in your Microsoft environment.


Azure AD OAuth

Requires an application registered in Azure AD (with a secret and callback URI). Allows individual users to access SharePoint using OAuth token-based authentication.

Azure AD App + Cert

Requires an application registered in Azure AD and configured to use a certificate and private key. Allows application-level access to the SharePoint site.

SharePoint App

Requires an application registered in SharePoint. This is a legacy SharePoint authentication method. Microsoft recommends use of Azure AD OAuth or Azure AD App + Cert.

User CredentialsRequires SharePoint site URL and SharePoint user credentials. We do not recommend creating a new SharePoint Platform of this type as Microsoft is deprecating this authentication method.


Azure AD OAuth

This authentication method requires a server callback from Microsoft. This callback requires InfoBurst to be SSL-enabled. Enable SSL before proceeding with below steps.


The App Secret has an expiry date designated by the Azure AD administrator. An expired Secret will prevent InfoBurst from authenticating to Azure AD. Plan to update the Secret in Azure AD and Power BI Platform accordingly.


Step 1 (InfoBurst):
Obtain Callback URI
  • Select System > Configuration > Authentication
  • Select OAuthCallbackURI
  • Note value for use in Azure AD
Step 2 (Azure AD):
Register App
  • Select App Registrations
  • Select New registration
  • Enter a Name
  • Under Redirect URI select Web
  • Enter Callback URI from Step 1
  • Select Register
  • Note Application (client) ID for use in InfoBurst
  • Select Certificates & secrets
  • Select New client secret
  • Enter Description
  • Select Expiry
  • Select Add
  • Note Value for use in InfoBurst
Step 3 (Azure AD):
Grant API Permissions
  • Open App registrations
  • Select the App created in Step 1
  • Select API Permissions
  • Select Add a permission
  • Select SharePoint
  • Select Delegated permissions
  • Select AllSites.Manage
  • Select Add Permissions
Step 4 (InfoBurst):
Create SharePoint Platform
  • Select System > Platforms > New Platform
  • Select Type > SharePoint
  • Enter Name
  • Enter SharePoint Site URL (example: https://acme.sharepoint.com/Accounting)
  • Select Authentication > Azure AD OAuth
  • Enter Application ID and Application Client Secret
  • Select Save
  • Select Begin Authentication (new Microsoft authentication tab opens). This step adds Platform Credentials only for the InfoBurst administrator user. See User Access below for user Platform Credentials process.
  • Select Accept
  • Return to InfoBurst
  • Select Close


User Access

Each InfoBurst intending to use the SharePoint Platform must first add Platform Credentials:

  • Select the user profile (username top right)
  • Select Platform Credentials
  • Select +
  • Select the SharePoint Platform
  • Select Begin Authentication (new Microsoft authentication tab opens)
  • Select Accept
  • Return to InfoBurst
  • Select Close


Token Maintenance

User authentication tokens issued by Microsoft can expire. Use the following process to renew an authentication token:

  • Select user profile
  • Select Platform Credentials
  • Select the SharePoint Platform
  • Select Update Authentication to renew token


Azure AD App + Cert

Microsoft requires for this authentication method an X.509 certificate (.cer):


https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread


The corresponding Personal Information Exchange file (.pfx) and Private Key Password are required for the InfoBurst SharePoint Platform described in Step 6 below.


The certificate has an expiry date designated by the certificate creator. An expired certificate will prevent InfoBurst from authenticating to Azure AD. Plan to update the certificate in Azure AD and SharePoint Platform accordingly.


Step 1 (Azure AD):
Register App
  • Select App Registrations
  • Select New registration
  • Enter a Name
  • Select Register
  • Note Application (client) ID and Directory (tenant) ID for use in InfoBurst
  • Select Certificates & secrets
  • Select Certificates
  • Select Upload certificate
  • Select Select a file to upload certificate
  • Select Add
Step 2 (Azure AD):
Grant API Permissions
  • Open App registrations
  • Select the App created in Step 1
  • Select API Permissions
  • Select Add a permission
  • Select SharePoint
  • Select Application permissions
  • Select Sites.FullControl.All
  • Select Add Permissions

This permission level requires Admin consent. Consult your Azure AD administrator for details.
Step 6 (InfoBurst):
Create SharePoint Platform
  • Select System > Platforms > New Platform
  • Select Type > SharePoint
  • Enter Name
  • Select Authentication > Azure AD App + Cert
  • Enter Application ID and Directory (Tenant) ID
  • Select Save
  • Select Choose File and select the .pfx file
  • Enter the Private Key Password
  • Select Upload
  • Select Save
  • Select Test Logon


SharePoint App

The full SharePoint App creation process is described in the following Microsoft article:


https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs


The App Secret has an expiry date (default = 1 year). An expired Secret will prevent InfoBurst from authenticating to SharePoint. Plan to update the Secret in SharePoint and the SharePoint Platform accordingly.


This authentication type is considered legacy by Microsoft and is not recommended. We recommend Azure AD OAuth or Azure AD App + Secret.


Step 1 (SharePoint):
Generate Client ID and Secret
  • Browse to https://<TENANT>/sites/<SITE>/_layouts/15/appregnew.aspx 
  • Client Id: Select Generate and note value for use in InfoBurst
  • Client Secret: Select Generate and note value for use in InfoBurst
  • App Domain: Enter www.infosol.com
  • Redirect URI: Enter https://www.infosol.com
  • Select Create
Step 2 (SharePoint):
Grant Access
Site-Level Access
  • Browse to https://<TENANT>/sites/<SITE>/_layouts/appinv.aspx 
  • Enter the App Id (Client Id) from Step 1 and select Lookup
  • Enter the following Permission Request XML:

<AppPermissionRequests AllowAppOnlyPolicy="true">    

     <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />

</AppPermissionRequests>


  • Select Create
  • Select Trust It

Tenant-Level Access
  • Browse to https://<TENANT>-admin.sharepoint.com/_layouts/appinv.aspx
  • Enter the App Id from Step 1 and select Lookup
  • Enter the following Permission Request XML:

<AppPermissionRequests AllowAppOnlyPolicy="true">

    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />

 </AppPermissionRequests>


  • Select Create
  • Select Trust It
Step 3 (InfoBurst):
Create SharePoint Platform

  • Select System > Platforms > New Platform
  • Select Type > SharePoint
  • Enter Name
  • Enter SharePoint Site URL (example: https://acme.sharepoint.com/Accounting)
  • Select Authentication > SharePoint App
  • Enter Application ID and Application Client Secret
  • Select Save
  • Select Test Logon
  • Select OK


User Credentials

This authentication type is considered legacy by Microsoft and may not function in your Microsoft environment. We recommend Azure AD OAuth or Azure AD App + Secret.


Step 1 (InfoBurst):
Create SharePoint Platform
  • Select System > Platforms > New Platform
  • Select Type > SharePoint
  • Enter Name
  • Enter SharePoint Site URL (example: https://acme.sharepoint.com/Accounting)
  • Select Authentication > User Credentials
  • Select Save
  • Add SharePoint credentials for the current InfoBurst user
  • Select Save
  • Select Test Logon
  • Select Close


See Also

Platform Configurations

Destinations