| At line 5 changed one line |
| __Remote item name:__ Sharepoint\\ |
| Remote item name: __Sharepoint__\\ |
| At line 31 changed one line |
| [attachments|register_app.png]\\ |
| __Configure API permission:__ You must also grant permissions for Microsoft Graph. Go to the __API Permissions__ section, click Add a permission, and select __Microsoft Graph__. To learn more about Microsoft Graph permissions—including the difference between __Application__ and __Delegated__ permissions—refer to the official documentation: [https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http]\\ |
| At line 33 changed one line |
| Under the redirect URL enable the __Access Token__ to be issued by the authorization endpoint:\\ |
| !!!1.1 Application Permission:\\ |
| At line 35 changed one line |
| [attachments|SMTP Microsoft Graph XOAUTH 2 Integration/enable_access_token.png]\\ |
| Application permissions are used when an application runs without a signed-in user, such as in server-to-server connections.\\ |
| At line 37 changed one line |
| __API permission:__ You must also provide permission for the Microsoft Graph. Go to the Api permission. Click on Add Permission, and select Microsoft Graph. About __Microsoft Graph Permission__ see more details at [https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http] (it explains Application Permission and Delegated Permission).\\ |
| __a.) Files.ReadWrite.All__: Grants the application read and write access to all files the signed-in user can access, across all user drives and document libraries (including SharePoint sites and OneDrive for Business).\\ |
| This includes the ability to:\\ |
| • List, read, update, create, and delete files and folders\\ |
| • Upload/download documents\\ |
| • Modify file metadata\\ |
| At line 39 changed one line |
| !!!1.1 Application Permission:\\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Files__ and check the flag Files.ReadWrite.All permission.\\ |
| At line 41 changed one line |
| It permits a Server to __server-to-server__ authentication. Add __Files.REadWriteAll__ permission.\\ |
| [SharePoint Integration/ms_graph_app_permission.png]\\ |
| At line 43 changed one line |
| [OneDriveSetup/ms_graph_app_permission.png]\\ |
| __b.) Sites.FullControl.All__: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> [https://learn.microsoft.com/en-us/graph/permissions-reference#sites-permissions])\\ |
| At line 49 added 13 lines |
| This permission allows the app to:\\ |
| • Read and write all files in all SharePoint Online site collections\\ |
| • Manage lists, document libraries, subsites, and site permissions\\ |
| • Perform site-level actions across the entire tenant\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Sites__ and check the flag Sites.FullControl.All permission.\\ |
| \\ |
| __c.) Sites.Selected__: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. More information is available at the following link: [Managing SharePoint Site Access for Applications Using Sites.Selected Permission|CrushTaskExample19].\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Sites__ and check the flag Sites.Selected permission.\\ |
| \\ |
| [CrushTaskExample19/site_selected_microsoft_graph.png]\\ |
| \\ |
| At line 49 changed one line |
| __Client id : __ You can find it at Azure portal -> App Registration -> Overview:\\ |
| __Client id__: See at App Registration -> Overview -> Application (client) ID\\ |
| At line 53 changed one line |
| __Secret key:__ A new client secret needs to be created as well. Go to the "Certificate & secrets" and generate a new secret key. Click on New client secret.\\ |
| __Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the __value__ immediately!\\ |
| At line 59 changed one line |
| __Authentication related settings:__\\ |
| __Sharepoint VFS item configuration:__\\ |
| At line 61 changed 6 lines |
| __User name:__ Itt must start with "app_permission", then the Client ID separated with tilda.\\ |
| {{{ |
| app_permission~<<Client ID>> |
| }}}\\ |
| __Password:__ Client Secret.\\ |
| __Tennant:__ The tenant id. Tenant: See your App registration -> Overview -> EndPoints. Based on the App Registration Account type it can be an ID, common, or consumer.\\ |
| Select the __Application Permission__ radio button, then click __Application Permission__. Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets), and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.\\ |
| \\ |
| __Tennant:__ See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type it can be an ID, common, or consumer.\\ |
| \\ |
| At line 88 added 24 lines |
| Delegated permissions are used when an application makes API calls as the signed-in user. The app is delegated the user’s permissions and can only access resources that the user is authorized to access.\\ |
| \\ |
| __a.) Files.ReadWrite.All__: Grants the application read and write access to all files the signed-in user can access, across all user drives and document libraries (including SharePoint sites and OneDrive for Business).\\ |
| This includes the ability to:\\ |
| • List, read, update, create, and delete files and folders\\ |
| • Upload/download documents\\ |
| • Modify file metadata\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Delegated Permission__. Search for __Files__ and check the flag Files.ReadWrite.All permission.\\ |
| \\ |
| __b.) Sites.FullControl.All__: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> [https://learn.microsoft.com/en-us/graph/permissions-reference#sites-permissions])\\ |
| \\ |
| This permission allows the app to:\\ |
| • Read and write all files in all SharePoint Online site collections\\ |
| • Manage lists, document libraries, subsites, and site permissions\\ |
| • Perform site-level actions across the entire tenant\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Delegated Permission__. Search for __Sites__ and check the flag Sites.FullControl.All permission.\\ |
| \\ |
| __c.) Sites.Selected__: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. More information is available at the following link:[Managing SharePoint Site Access for Applications Using Sites.Selected Permission|CrushTaskExample19].\\ |
| \\ |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Delegated Permission__. Search for __Sites__ and check the flag Sites.Selected permission.\\ |
| \\ |
| \\ |
| At line 115 added 4 lines |
| Grant __Admin consent__ for the newly added permission.\\ |
| \\ |
| [attachments|app_permission_admin_consent.png]\\ |
| \\ |
| At line 88 changed one line |
| __!!! The CrushFTP admin page URL must match the redirect URL.__ In our example : http://localhost:9090\\ |
| __!!! The CrushFTP admin page URL must match the redirect URL.__ In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/register_microsoft_graph_api/\\ |
| At line 90 changed one line |
| Select the SharePoint item type and click on the "Get Refresh Token" button. Provide the Client ID and Client Secret Value (not ID, see the screenshot), and Tenant (in almost all cases it is just: common).\\ |
| Select the __Delegated Permission__ radio button, then click __Get Refresh Token__. Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets), and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID). Proceed with the authentication and authorization process. This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.\\ |
| At line 94 changed one line |
| Click on the "OK" button, log in with your Azure credentials, and allow CrushFTP to have access to your SharePoint files. After that the form will disappear and the username and password will be filled. Done.\\ |
| __Tennant:__ See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type it can be an ID, common, or consumer.\\ |
| At line 96 changed one line |
| [attachments|remote_item_done.png]\\ |
| Provide the SharePoint-specific settings. See under the __1.3.Sharepoint-specific settings.__ ( Link: [https://www.crushftp.com/crush10wiki/Wiki.jsp?page=SharePoint%20Integration#section-SharePoint+Integration-1.3.SharepointSpecificSettings]\\ |
| At line 98 changed one line |
| !!!1.3.Sharepoint-specific settings:__\\ |
| !!!1.3.Sharepoint-specific settings:\\ |
| At line 103 changed 2 lines |
| __Site Path__: The path of the SharePoint site. It should start and end with a slash.\\ |
| __Drive name__: Each SharePoint site has a document library where the site-related files are stored. See [https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide its name.\\ |
| __Site Path__: The relative path of the SharePoint site without the domain. It should start and end with a slash (/).\\ |
| Examples:\\ |
| /sites/SiteS1/\\ |
| /teams/SiteS1/SiteS2/\\ |
| __Drive name__: Each SharePoint site has a document library where the site-related files are stored. See [https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide the name of this document library.\\ |
