
SharePoint Online settings

This article describes how to set up SharePoint Online integration with Discovery Search, including changes needed on the Azure Portal and within the configuration for Discovery Search.

Configure Microsoft Azure Active Directory

Register the Discovery Search App

  1. Open a browser and navigate to the Azure Portal (Microsoft Azure Portal)

  2. Select Azure Active Directory on the homepage

  3. Select App Registrations from the navigation panel in Azure Active Directory (Azure AD)

  4. Click + New Registration to add a new App Registration

  5. On the Register Page, you will need to provide the following information:

    1. Name: This is a display name for the application. It will be used in the portal to identify what the application is used for, so make it descriptive.

    2. Supported Account Types: This typically should be Accounts in this organizational directory only (Single tenant). This limits logins to the organization that is using the SharePoint instance.

    3. Redirect URI: This is the URL that Azure should redirect to once the login is successful. Typically this should be the fully qualified domain name of your Discovery Search. If you are using a load balancer, it should be the URI used to hit the load balancer, not the individual machines located behind the load balancer.

  6. Click the Register button

    Overview page after registering the Discovery Search app.

Set up Authentication

  1. Click on the Authentication link on the navigation sidebar

    Authentication page.

  2. Make the following changes on the Authentication page:

    1. Redirect URIs: This should be the URI to the Discovery Search server, including the /azuread/success path (for example, https://search.domain.com/azuread/success).

    2. Select both Access tokens and ID tokens in the Implicit Grant and Hybrid Flows section.

    3. Front-channel logout URL: This can remain empty.

    4. Ensure Supported account types is set to Accounts in this organizational directory only (Single tenant).

    5. Advanced settings - Allow public client flows: This should be set to No.

  3. Save changes if required

Add a Client Secret

This section describes how to add a secret to the app registration.

  1. From the App page, select Certificates & secrets from the navigation sidebar

  2. Click + New client secret on the Client secrets tab

  3. Provide the following information on the form

    1. Description: A descriptive name of the secret.

    2. Expires: Provide how long the secret is valid for. Note that, when it expires, the integration with Discovery Search will stop working until a new secret is generated and updated in the Discovery Search web.config file.

  4. Click the Add button at the bottom of the screen

Copy the value for the secret shown on the page and keep it in a safe spot. This is the only time you will be able to see it. This will be needed as part of the configuration for Discovery Search.
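
The following added example, which is not Shinydocs code, checks a Microsoft Graph application object (for instance the JSON printed by `az ad app show --id <client-id>`) against the Authentication and client secret settings described above, and flags a secret that is close to expiry. The sample object, the `audit_app` name and the 30-day warning threshold are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: a trimmed Microsoft Graph "application" object.
SAMPLE_APP = json.loads("""{
  "signInAudience": "AzureADMyOrg",
  "isFallbackPublicClient": false,
  "web": {
    "redirectUris": ["https://search.domain.com/azuread/success"],
    "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                              "enableIdTokenIssuance": true}
  },
  "passwordCredentials": [
    {"displayName": "discovery-search", "endDateTime": "2030-01-31T00:00:00Z"}
  ]
}""")


def audit_app(app, redirect_url, now, warn_days=30):
    """Hypothetical helper: list deviations from the settings on this page."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("Supported account types is not single tenant")
    if app.get("isFallbackPublicClient"):
        findings.append("Allow public client flows is not set to No")
    web = app.get("web") or {}
    # The URL configured in Discovery Search must be registered verbatim.
    if redirect_url not in (web.get("redirectUris") or []):
        findings.append("Redirect URL is not registered in Azure AD")
    if not redirect_url.endswith("/azuread/success"):
        findings.append("Redirect URL lacks the /azuread/success path")
    grants = web.get("implicitGrantSettings") or {}
    for key, label in (("enableAccessTokenIssuance", "Access tokens"),
                       ("enableIdTokenIssuance", "ID tokens")):
        if not grants.get(key):
            findings.append(f"{label} is not selected")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("No client secret on the app registration")
    for cred in secrets:
        # Graph timestamps are UTC; drop fractional seconds and the "Z".
        raw = cred["endDateTime"].split(".")[0].rstrip("Z")
        end = datetime.fromisoformat(raw).replace(tzinfo=timezone.utc)
        if end - now < timedelta(days=warn_days):
            findings.append(f"Secret {cred.get('displayName')!r} ends {end:%Y-%m-%d}")
    return findings
```

An empty list means the registration matches; scheduling the check ahead of the secret's expiry date gives time to rotate it before the integration stops working.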

Set up API Permissions

This section describes how to set up the appropriate API permissions for this application. This will allow Discovery Search to access SharePoint Online as the delegated user to do a permissions check.

  1. Select API permissions from the App registration navigation sidebar

  2. Click + Add a permission

  3. Select Microsoft Graph and select Delegated permissions (Your application needs to access the API as the signed-in user)

    1. offline_access: This is used to generate an OAuth refresh token so that the user does not need to authenticate for each search request.

    2. openid: Allows users to sign in to Azure AD.

    3. profile: Allows users to sign in to Azure AD.

    4. User.Read: Allows users to sign in to Azure AD.

  4. Click Add permissions

  5. Click Add a permission again

  6. Select SharePoint and select Delegated permissions (Your application needs to access the API as the signed-in user)

    1. AllSites.Read: This allows the signed in user to view any sites and their contents to which they have access. This allows Discovery Search to execute the permissions check.

  7. Click Add permissions

  8. Click Grant admin consent for <Organization Name>

Configure SharePoint

  1. As a SharePoint Administrator, go to the following URL: https://<tenant>-admin.sharepoint.com/_layouts/15/appinv.aspx

  2. Fill in the App Id with the value from the Application (client) ID from the App registration created above

  3. Click the Lookup button to look up the rest of the details

  4. Fill in the App Domain with your top level domain (for example, shinydocs.com)

  5. Fill in the Permission Request XML with the following code

    <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Read" />
    </AppPermissionRequests>

The AppPermissionRequests section grants Read access to the SharePoint site for the app registration set up above. It can be pasted as is. The user's permissions will be respected with this setting.

Connect Discovery Search to SharePoint

  1. Click the Create button to create the association between SharePoint and the App registration.

  2. You should be prompted with the following confirmation. Click Trust It to complete the registration.

Configure Discovery Search

This section describes how to configure Discovery Search to authenticate against Azure AD, enabling search of SharePoint Online.

  1. Navigate to the admin page in Discovery Search (for example, http://server/admin)

  2. Select Application settings at the bottom of the navigation sidebar

  3. Select SharePoint® Online settings

  4. Fill in the following settings

    1. SharePoint® Online site URL: The URL to your SharePoint Online instance (for example, https://tenant.sharepoint.com).

    2. Permission chunk size: The number of index items that are permission checked upon retrieval from the index.

    3. Azure AD client ID: This can be found on the overview page of the App registration in the Azure portal.

    4. Azure AD tenant ID: This can be found on the overview page of the App registration in the Azure portal.

    5. Azure AD secret: This is the value of the secret that was created above. If you did not copy it at the time, you will need to create a new one.

    6. Azure AD Redirect URL: This is the URL that Azure AD will redirect to once the user is authenticated properly. This should be in the form of http://server/azuread/success. This should match the one added to the Authentication page in the Azure portal as documented above.

  5. Save changes

  6. Restart the Discovery Search application in IIS

Increasing the Permission chunk size value may improve performance; however, it runs the risk of being throttled by SharePoint Online.

Test the Configuration

This section describes how to test the integration of Discovery Search with SharePoint Online.

An index of the SharePoint data must exist before Discovery Search can be used to find documents. Ensure a crawl with Shinydocs™ Cognitive Toolkit against the SharePoint instance has been completed before testing.

  1. Navigate to the Discovery Search homepage

  2. Click the dropdown menu in the top right corner

  3. Click the Reconnect option under SharePoint Online

  4. This will open a new window and prompt you to log in

  5. Once the user has logged in, they will be shown a success screen

  6. Close the popup window

  7. Execute a search from the Discovery Search bar for items that are in SharePoint Online

If you are already logged into Azure AD, the login prompt in step 4 will be skipped.
