Skip to main content
Skip table of contents

Configure Shinydocs Pro Control Center access for Microsoft Sources (OneDrive, Teams, SharePoint Online, Exchange Online)

By integrating with Microsoft Azure, the Shinydocs Pro software can operate with Microsoft SharePoint Online and/or Exchange Online — maintaining secure and compliant access to this cloud application with policy-based access controls.

The following document describes how to enable Azure authentication for Microsoft SharePoint Online.

Note that this process does require certificates, which are used by Azure to prove the Shinydocs application’s identity when requesting a token. You need two files, a .cer file with the public key which you upload to Azure, and a .pfx file with the private key that you add to the Shinydocs software.

These files are often provided by an organization’s IT or Network team.

A self-signed certificate can be used but is not advised depending on your organization’s infrastructure and security policies. More information on Azure and Self-Signed Certificates can be found here. https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-self-signed-certificate
For the Microsoft PowerShell script to create a self-signed certificate, please visit https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

Table of Contents

Requirements

  • Internet access to reach Microsoft Online

  • Azure/Entra permission to create application registrations and grant admin consent

  • A certificate used to authenticate (Azure requires the .cer and Shinydocs Pro requires the .pfx)

Register Shinydocs Software with Azure

The first step of the process is to register your Shinydocs software with Azure, so that it can access SharePoint Online or Exchange Online data.

You only need to register one application for Shinydocs software. Permissions to supported repositories can be configured under the one registration.

  1. Open Microsoft Azure.

  2. In the upper left corner dropdown menu, navigate to Azure Active Directory.

  3. From the sidebar menu, select App registrations

  4. Select + New registration

  5. Enter a name for the application. In this case, we used “Shinydocs Pro” as the application name.

  6. Select who, within your organization, can use or access the application. In most cases, the first option (Single tenant) will be selected (see below).

  7. The optional Redirect URl is not needed in this case.

  8. Select Register to continue.

Upload Authentication Certificate to Azure

These steps require a .cer file.

  1. From the sidebar menu, select Certificates & secrets

  2. Select Certificates

  3. Select Upload certificate

    image-20230608-151530.png
  4. Select the folder icon to browse for your certificate (.cer). Optionally, add a description to let other administrators know what this certificate is used for.

    image-20230608-151912.png
  5. Select Add

  6. Verify that the certificate was uploaded successfully by confirming the certificate is shown under Certificates

    image-20230608-152201.png
  7. In the left-hand menu, open Overview

    image-20240117-174046.png
  8. Note/save the following information for configuring Shinydocs Pro in later steps.

  • Application (client) ID: ___________________________________________________
  • Directory (tenant) ID: ___________________________________________________

Source-specific permissions

If you connect to more than one Microsoft content source, there will be overlapping permissions due to the design of SharePoint, Teams, etc.

Your Shinydocs Control Center app registration only needs one copy of the permission.

Permission to access SharePoint Online Content

Permission to access SharePoint Online Content

Now that the Shinydocs Application has been registered with Azure, it’s time to apply permissions to access content within SharePoint Online.

  1. From the sidebar menu, select API permissions

  2. Select + Add a permission

    image-20240506-141546.png
  3. Add permissions for Teams under Microsoft Graph:

    image-20241016-181749.png
    1. Sites.Read.All
      Type: Delegated

    2. User.Read
      Type: Delegation

  4. Next, select Grant admin consent for [Tenant Name].

    ec18f5a5-c20a-498e-833d-353328316d92-20240506-141845.png
  5. Select Yes to grant consent for the requested permissions for all accounts in [Directory Name].

  6. At the top of the page, there will be a notification that admin consent for the requested permissions was successfully granted.

Permission to access Exchange Online

Permission to access Exchange Online

Now that the Shinydocs Application has been registered with Azure, it’s time to apply permissions to access content within Exchange Online.

  1. From the sidebar menu, select API permissions

  2. Select + Add a permission

    image-20240506-141546.png
  3. Add permissions for SharePoint by selecting SharePoint from the list of Microsoft Applications.

    image-20240710-184638.png
  4. For the type of permissions, your application requires, select Application permissions

    image-20240710-184655.png
  5. Select the required permissions for reading Exchange users and mail. At a minimum, the following items should be selected:

    1. Under the User permissions, select User.Read.All.

    2. Under Mail permissions, select Mail.Read.

  6. Select Add permissions at the bottom of the page.

  7. The API permissions should now be updated to include Graph.

    image-20240710-185156.png
  8. Next, select Grant admin consent for [Tenant Name].

    ec18f5a5-c20a-498e-833d-353328316d92-20240506-141845.png
  9. Select Yes to grant consent for the requested permissions for all accounts in [Directory Name].

  10. At the top of the page, there will be a notification that admin consent for the requested permissions was successfully granted.

Permission to access Teams

Permission to access Teams

Now that the Shinydocs Application has been registered with Azure, it’s time to apply permissions to access content within Teams.

  1. From the sidebar menu, select API permissions

  2. Select + Add a permission

    image-20240506-141546.png
  3. Add permissions for Teams under Microsoft Graph:

    image-20241016-181749.png
    1. Channel.ReadBasic.All
      Type: Application

    2. ChannelMember.Read.All
      Type: Application

    3. ChannelMessage.Read.All
      Type: Application

    4. ChannelSettings.Read.All
      Type: Application

    5. Chat.Read.All
      Type: Application

    6. Chat.ReadBasic.All
      Type: Application

    7. ChatMessage.Read.All
      Type: Application

    8. Files.Read.All
      Type: Application

    9. Team.ReadBasic.All
      Type: Application

    10. User.Read
      Type: Delegation

    11. User.Read.All
      Type: Application

  4. Next, select Grant admin consent for [Tenant Name].

    ec18f5a5-c20a-498e-833d-353328316d92-20240506-141845.png
  5. Select Yes to grant consent for the requested permissions for all accounts in [Directory Name].

  6. At the top of the page, there will be a notification that admin consent for the requested permissions was successfully granted.

Permission to access OneDrive

Permission to access OneDrive

Now that the Shinydocs Application has been registered with Azure, it’s time to apply permissions to access content within OneDrive.

  1. From the sidebar menu, select API permissions

  2. Select + Add a permission

    image-20240506-141546.png
  3. Add permissions for OneDrive under Microsoft Graph:

    image-20241016-181749.png
    1. Files.Read.All
      Type: Application

    2. Sites.Read.All
      Type: Application

    3. User.Read
      Type: Delegation

    4. User.Read.All
      Type: Application

  4. Next, select Grant admin consent for [Tenant Name].

    ec18f5a5-c20a-498e-833d-353328316d92-20240506-141845.png
  5. Select Yes to grant consent for the requested permissions for all accounts in [Directory Name].

  6. At the top of the page, there will be a notification that admin consent for the requested permissions was successfully granted.

Configure Shinydocs Control Center

The following configurations are performed in the Shinydocs Control Center’s + Add source feature.

SharePoint Online

SharePoint Online

These steps can be followed once Shinydocs Pro has been installed.
You will need the .pfx file from your certificate.

Moving the .pfx after setting the Certificate file location will cause any related tasks to fail.

If the .pfx file is moved, you will need to update the Certificate file location to the new path.

In Shinydocs Control Center (either in quick-start or + Add source):

image-20240711-145226.png

  1. Select Microsoft SharePoint Online as your new or existing source

  2. Under Type, select Sharepoint Online

  3. Under Tenant URL, enter the root URL of the Sharepoint site (https://acmecorp.sharepoint.com/)

  4. Under Application ID, enter the Application (client) ID previously noted

  5. Under Tenant ID, enter the Directory (tenant) ID previously noted

  6. Under Certificate file location, enter the path of the .pfx file

    1. Do not use double quotes around the path

  7. Under Certificate password, enter the password for the .pfx file. If your .pfx file does not have a password, leave this field blank

  8. Under Site, leave this field blank to crawl all available sites. If you want to crawl a specific site, enter the URL to the site like this:

    CODE
    https://acmecorp.sharepoint.com/sites/ACMEhome
  9. Click Start Analysis

Congratulations! You should now be crawling your organization’s SharePoint content.

Exchange Online

Exchange Online

These steps can be followed once Shinydocs Pro has been installed.
You will need the .pfx file from your certificate.

Moving the .pfx after setting the Certificate file location will cause any related tasks to fail.

If the .pfx file is moved, you will need to update the Certificate file location to the new path.

In Shinydocs Control Center (either in quick-start or + Add source):

  1. Select Microsoft Exchange Online

    image-20240710-190320.png

  2. Enter the following information:

    image-20240710-190444.png

    1. Application (client) ID: Provided by Azure on app registration
      example: 26429906-0457-8031-NmQR-Y9T97oqzNA9H

    2. (directory) Tenant ID: Provided by Azure on app registration
      example: 03ueq69e-2069-7863-nxfq-vzio2wvxkl19

    3. Certificate file location: Full file path to the PFX certificate file (don’t use double-quotes)
      example: C:\Program Files\Shinydocs Professional\Azure\acme.pfx

    4. Certificate password (optional): If you chose to use a password for your certificate, enter it here

  3. Click Next

  4. Enter the mailbox address you want to crawl, if you want to crawl all mailboxes, leave the field blank.

  5. Click Start Analysis

Congratulations! You should now be crawling your organization’s Exchange content.

Teams

Teams

When crawling a specific user(s), only the users Direct Messages (DMs) will be analyzed. For a complete analysis, leave the user field empty.

These steps can be followed once Shinydocs Pro has been installed.
You will need the .pfx file from your certificate.

Moving the .pfx after setting the Certificate file location will cause any related tasks to fail.

If the .pfx file is moved, you will need to update the Certificate file location to the new path.

In Shinydocs Control Center (either in quick-start or + Add source):

  1. Select Microsoft Team

    image-20241016-185410.png
  2. Enter the following information:

    image-20241016-185511.png
    1. Application (client) ID: Provided by Azure on app registration
      example: 26429906-0457-8031-NmQR-Y9T97oqzNA9H

    2. (directory) Tenant ID: Provided by Azure on app registration
      example: 03ueq69e-2069-7863-nxfq-vzio2wvxkl19

    3. Certificate file location: Full file path to the PFX certificate file (don’t use double-quotes)
      example: C:\Program Files\Shinydocs Professional\Azure\acme.pfx

    4. Certificate password (optional): If you chose to use a password for your certificate, enter it here

  3. Click Next

  4. Enter the user id or Teams id you want to crawl, if you want to crawl everything, leave the field empty.

  5. Click Start Analysis

Congratulations! You should now be crawling your organization’s Teams content.

OneDrive

OneDrive

These steps can be followed once Shinydocs Pro has been installed.
You will need the .pfx file from your certificate.

Moving the .pfx after setting the Certificate file location will cause any related tasks to fail.

If the .pfx file is moved, you will need to update the Certificate file location to the new path.

In Shinydocs Control Center (either in quick-start or + Add source):

  1. Select Microsoft Exchange Online

    image-20241016-190106.png
  2. Enter the following information:

    image-20241016-190128.png
    1. Application (client) ID: Provided by Azure on app registration
      example: 26429906-0457-8031-NmQR-Y9T97oqzNA9H

    2. (directory) Tenant ID: Provided by Azure on app registration
      example: 03ueq69e-2069-7863-nxfq-vzio2wvxkl19

    3. Certificate file location: Full file path to the PFX certificate file (don’t use double-quotes)
      example: C:\Program Files\Shinydocs Professional\Azure\acme.pfx

    4. Certificate password (optional): If you chose to use a password for your certificate, enter it here

  3. Click Next

  4. Enter the user id you want to crawl, if you want to crawl everything, leave the field empty.

  5. Click Start Analysis

Congratulations! You should now be crawling your organization’s Exchange content.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.