Summary
This article describes the configuration steps required in within Microsoft to allow SharePoint access from InfoBurst. Please consult your Microsoft administrators to determine the required authentication method and then complete the steps described in this article.
Authentication Methods
There are three methods of Azure AD authentication. Consult your Azure AD administrator to determine which method is required in your Microsoft environment.
Azure AD OAuth | Requires an application registered in Azure AD (with a secret and callback URI). Allows individual users to access SharePoint using OAuth token-based authentication. |
Azure AD App + Cert | Requires an application registered in Azure AD and configured to use a certificate and private key. Allows application-level access to the SharePoint site. |
SharePoint App | Requires an application registered in SharePoint. This is a legacy SharePoint authentication method. Microsoft recommends use of Azure AD OAuth or Azure AD App + Cert. |
User Credentials | Requires SharePoint site URL and SharePoint user credentials. We do not recommend creating a new SharePoint Platform of this type as Microsoft is deprecating this authentication method. |
Azure AD OAuth
This authentication method requires a server callback from Microsoft. This callback requires InfoBurst to be SSL-enabled. Enable SSL before proceeding with below steps.
The App Secret has an expiry date designated by the Azure AD administrator. An expired Secret will prevent InfoBurst from authenticating to Azure AD. Plan to update the Secret in Azure AD and Power BI Platform accordingly.
Step 1 (InfoBurst): Obtain Callback URI |
|
Step 2 (Azure AD): Register App |
|
Step 3 (Azure AD): Grant API Permissions |
|
Step 4 (InfoBurst): Create SharePoint Platform |
|
User Access
Each InfoBurst intending to use the SharePoint Platform must first add Platform Credentials:
- Select the user profile (username top right)
- Select Platform Credentials
- Select +
- Select the SharePoint Platform
- Select Begin Authentication (new Microsoft authentication tab opens)
- Select Accept
- Return to InfoBurst
- Select Close
Token Maintenance
User authentication tokens issued by Microsoft can expire. Use the following process to renew an authentication token:
- Select user profile
- Select Platform Credentials
- Select the SharePoint Platform
- Select Update Authentication to renew token
Azure AD App + Cert
Microsoft requires for this authentication method an X.509 certificate (.cer):
https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread
The corresponding Personal Information Exchange file (.pfx) and Private Key Password are required for the InfoBurst SharePoint Platform described in Step 6 below.
The certificate has an expiry date designated by the certificate creator. An expired certificate will prevent InfoBurst from authenticating to Azure AD. Plan to update the certificate in Azure AD and SharePoint Platform accordingly.
Step 1 (Azure AD): Register App |
|
Step 2 (Azure AD): Grant API Permissions |
This permission level requires Admin consent. Consult your Azure AD administrator for details. |
Step 6 (InfoBurst): Create SharePoint Platform |
|
SharePoint App
The full SharePoint App creation process is described in the following Microsoft article:
https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
The App Secret has an expiry date (default = 1 year). An expired Secret will prevent InfoBurst from authenticating to SharePoint. Plan to update the Secret in SharePoint and the SharePoint Platform accordingly.
This authentication type is considered legacy by Microsoft and is not recommended. We recommend Azure AD OAuth or Azure AD App + Secret.
Step 1 (SharePoint): Generate Client ID and Secret |
|
Step 2 (SharePoint): Grant Access | Site-Level Access
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" /> </AppPermissionRequests>
Tenant-Level Access
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /> </AppPermissionRequests>
|
Step 3 (InfoBurst): Create SharePoint Platform |
|
User Credentials
This authentication type is considered legacy by Microsoft and may not function in your Microsoft environment. We recommend Azure AD OAuth or Azure AD App + Secret.
Step 1 (InfoBurst): Create SharePoint Platform |
|