| At line 1 removed one line |
| !!!1. Sharepoint Microsoft Graph REST API-based integration.\\ |
| At line 3 changed one line |
| More info about __Microsft Graph REST API__: [https://learn.microsoft.com/en-us/graph/api/resources/onedrive?view=graph-rest-1.0}]\\ |
| __CrushFTP__ supports both __SharePoint REST API V1__ and __SharePoint REST API V2__ (SharePoint with Microsoft Graph API).\\ |
| At line 4 added 4 lines |
| ---- |
| !!!1. Sharepoint Microsoft Graph REST API-based integration.\\ |
| More info about __Microsft Graph REST API__: [Link|https://learn.microsoft.com/en-us/graph/api/resources/onedrive?view=graph-rest-1.0]\\ |
| \\ |
| At line 9 added 6 lines |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\ |
| • __login.microsoftonline.com__\\ |
| • __graph.microsoft.com__\\ |
| ---- |
| Open the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal]\\ |
| At line 7 changed 3 lines |
| __!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\ |
| • login.microsoftonline.com\\ |
| • graph.microsoft.com\\ |
| __Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\ |
| At line 11 removed 4 lines |
| Open the Microsoft Azure Portal: [https://azure.microsoft.com/en-us/features/azure-portal]/\\ |
| \\ |
| __Application registration:__ Navigate to App registrations in the Azure Portal. Click on "New registration" to create a new application.\\ |
| \\ |
| At line 17 changed one line |
| The Redirect URL must end with __"register_microsoft_graph_api/"__.\\ |
| In the Redirect URI section, for Platform configuration, select __Web__. The Redirect URL must end with __register_microsoft_graph_api/__.\\ |
| At line 22 changed 5 lines |
|
| }}} |
| or |
| {{{ |
| |
| or |
| At line 28 changed 2 lines |
| |
| }}} |
|
| }}}\\ |
| At line 31 changed one line |
| __Configure API permission:__ You must also grant permissions for Microsoft Graph. Go to the __API Permissions__ section, click Add a permission, and select __Microsoft Graph__. To learn more about Microsoft Graph permissions—including the difference between __Application__ and __Delegated__ permissions—refer to the official documentation: [https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http]\\ |
| __Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. ⚠️ Ensure you copy over the __value__ immediately!\\ |
| At line 32 added 6 lines |
| [attachments|new_secret.png]\\ |
| \\ |
| [attachments|secret_value.png]\\ |
| \\ |
| __Configure API permission:__ You must also grant permissions for Microsoft Graph. Go to the __API Permissions__ section, click Add a permission, and select __Microsoft Graph__. To learn more about Microsoft Graph permissions—including the difference between __Application__ and __Delegated__ permissions—refer to the official documentation: [Link|https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http]\\ |
| \\ |
| At line 42 added 3 lines |
| ---- |
| !1.1.1 Microsoft Graph Scopes for SharePoint Integration: |
| ---- |
| At line 47 changed one line |
| __b.) Sites.FullControl.All__: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> [https://learn.microsoft.com/en-us/graph/permissions-reference#sites-permissions])\\ |
| ---- |
| __b.) Sites.FullControl.All__: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> [Microsoft Graph permissions reference |
| Link|https://learn.microsoft.com/en-us/graph/permissions-reference#sites-permissions])\\ |
| At line 54 changed one line |
| __Configure API Permission__: Navigate to API Permissions. Click on Add a permission button. Select __Microsoft Graph__. Then select __Application Permission__. Search for __Sites__ and check the flag Sites.FullControl.All permission.\\ |
| ---- |
| __c.) Sites.Selected__: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the __Microsoft Graph API__. __⚠️ Important:__ The application must first be registered in Azure AD with the __Sites.Selected__ application permission. More information is available at the following link: [Managing SharePoint Site Access for Applications Using Sites.Selected Permission|CrushTaskExample19].\\ |
| At line 56 removed 2 lines |
| __c.) Sites.Selected__: Grants the application no access to SharePoint sites by default. However, you can explicitly grant access to specific sites by using the Microsoft Graph API. More information is available at the following link: [Managing SharePoint Site Access for Applications Using Sites.Selected Permission|CrushTaskExample19].\\ |
| \\ |
| At line 70 added one line |
| ---- |
| At line 62 changed one line |
| Grant __Admin consent__ for the newly added permission.\\ |
| __⚠️ Important:__ Grant __Admin consent__ for the newly added permission.\\ |
| At line 70 changed one line |
| __Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the __value__ immediately!\\ |
| !1.1.2 Sharepoint VFS item configuration (Application Permission):\\ |
| At line 72 changed one line |
| [attachments|new_secret.png]\\ |
| Select the __Application Permission__ radio button, then click __Application Permission__.\\ |
| At line 74 changed one line |
| [attachments|secret_value.png]\\ |
| Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID, and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the __username__ and __password__ in the [VFS] item settings. After that, click the __OK__ button and proceed with the SharePoint site-specific configuration.\\ |
| At line 76 removed 4 lines |
| __Sharepoint VFS item configuration:__\\ |
| \\ |
| Select the __Application Permission__ radio button, then click __Application Permission__. Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets), and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID), then click OK. This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.\\ |
| \\ |
| At line 82 changed one line |
| Provide the SharePoint-specific settings. See under the __1.3.Sharepoint-specific settings.__ ( Link: [https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SharePoint%20Integration#section-SharePoint+Integration-1.3.SharepointSpecificSettings]\\ |
| Provide the SharePoint-specific settings. See under the __1.3.Sharepoint-specific settings.__ ([Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SharePoint%20Integration#section-SharePoint+Integration-1.3.SharepointSpecificSettings])\\ |
| At line 89 changed one line |
| \\ |
| !1.2.1 Microsoft Graph Scopes for SharePoint Integration:# |
| ---- |
| At line 104 added one line |
| ---- |
| At line 98 changed one line |
| __b.) Sites.FullControl.All__: Grants the application full control over all site collections in the tenant without user interaction. ( More info -> [https://learn.microsoft.com/en-us/graph/permissions-reference#sites-permissions])\\ |
| __b.) Sites.FullControl.All__: Grants the application full control over all site collections in the tenant without user interaction. ( More info: [Microsoft Graph permissions reference |
| Link|https://learn.microsoft.com/en-us/graph/permissions-reference#sites-permissions])\\ |
| At line 116 added one line |
| ---- |
| At line 124 added one line |
| ---- |
| At line 115 changed one line |
| Grant __Admin consent__ for the newly added permission.\\ |
| ⚠️ Grant __Admin consent__ for the newly added permission.\\ |
| At line 123 changed one line |
| __Secret key:__ A new client secret needs to be created as well. Go to the "Certificate & secrets" and generate a new secret key. Click on New client secret.\\ |
| !1.2.1 SharePoint remote item settings (Delegated Permission):\\ |
| At line 125 changed one line |
| [attachments|new_secret.png]\\ |
| __⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\ |
| At line 127 changed one line |
| [attachments|secret_value.png]\\ |
| Select the __Delegated Permission__ radio button, then click __Get Refresh Token__.\\ |
| Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID, and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID).\\ |
| Click the __OK__ button and proceed with the authentication and authorization process.\\ |
| __⚠️ Important__: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above.\\ |
| This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.\\ |
| At line 129 removed 6 lines |
| __SharePoint remote item settings:__\\ |
| \\ |
| __!!! The CrushFTP admin page URL must match the redirect URL.__ In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/register_microsoft_graph_api/\\ |
| \\ |
| Select the __Delegated Permission__ radio button, then click __Get Refresh Token__. Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets), and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID). Proceed with the authentication and authorization process. This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.\\ |
| \\ |
| At line 139 changed one line |
| Provide the SharePoint-specific settings. See under the __1.3.Sharepoint-specific settings.__ ( Link: [https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SharePoint%20Integration#section-SharePoint+Integration-1.3.SharepointSpecificSettings]\\ |
| Provide the SharePoint-specific settings. See under the __1.3.Sharepoint-specific settings.__ ( [Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SharePoint%20Integration#section-SharePoint+Integration-1.3.SharepointSpecificSettings])\\ |
| At line 150 changed one line |
| __Drive name__: Each SharePoint site has a document library where the site-related files are stored. See [https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide the name of this document library.\\ |
| __Drive name__: Each SharePoint site has a Document Library where the site-related files are stored. See [SharePoint: Documents and Libraries Description Link|https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide the name of this document library.\\ |
| At line 152 changed one line |
| __Conflict Behaviour__: \\ |
| \\ |
| __Conflict Behaviour__ (Only for the SharePoint remote VFS item type — not available for SharePoint2)): \\ |
| At line 157 changed one line |
| !!! 2. SharePoint REST service API-based integration\\ |
| ---- |
| !!! 2. SharePoint REST service API-based integration (Remote protocol: Sharepoint2)\\ |
| __⚠️ Remote item name:__ Sharepoint2\\ |
| More info: [SharePoint REST Service Link|https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service?tabs=csom]\\ |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains:\\ |
| • __login.microsoftonline.co__m\\ |
| • __<yourtenant>.sharepoint.com__ — for accessing SharePoint site collections\\ |
| ---- |
| !!! 2.1 Azure: App Registration for SharePoint REST API Access\\ |
| Open the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal]\\ |
| At line 159 changed 2 lines |
| __!!! Remote item name:__ Sharepoint2\\ |
| More info : [https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service?tabs=csom]\\ |
| __Application registration__: Navigate to the __App registrations__ and click on __New registration__. Select platform: __Web__ and Configure the Redirect URL.\\ |
| At line 162 changed one line |
| !!! 2.1 Azure: App Registration for SharePoint REST API Access\\ |
| [attachments|new_registration.png]\\ |
| At line 164 changed one line |
| Application registration: Go to the App registrations and click on New registration. Select platform: Web and Configure redirect URL like:\\ |
| In the Redirect URI section, for Platform configuration, select __Web__. The Redirect URL must end with __register_microsoft_graph_api/__. Examples:\\ |
| \\ |
| At line 167 changed 3 lines |
| }}} |
| or |
| {{{ |
| or |
| At line 171 changed one line |
| }}} |
| }}}\\ |
| At line 173 changed one line |
| Navigate to API Permissions. Click on Add a permission button. Select SharePoint or Microsoft Graph. Then select Delegated/Application Permission. Search for Sites and check the flag Sites.Selected.\\ |
| __API Permissions:__\\ |
| At line 175 changed one line |
| __App Permissions for SharePoint REST API__ (See at: [https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/get-to-know-the-sharepoint-rest-service?tabs=csom]):\\ |
| Only __Delegated__ permission types are supported. __CrushFTP__ only supports authentication using a __client secret__ — ⚠️ certificate-based authentication is not supported.\\ |
| At line 195 added 22 lines |
| ---- |
| __a.) SharePoint.AllSites.FullControl__: Grants an application full control over all site collections in SharePoint Online across the entire tenant. This is the highest level of SharePoint permission available for applications and enables full administrative access to both content and site settings.\\ |
| \\ |
| Navigate to __API Permissions__. Click on __Add a permission__ button. Select __SharePoint__. Then select __Delegated Permission__. Search for AllSites and check the flag __AllSites.FullControl__.\\ |
| \\ |
| ---- |
| __b.) SharePoint.AllSites.Manage__: Grants an app manage-level access to all site collections in SharePoint Online. This includes the ability to read and write content, as well as manage lists and libraries, but not full administrative control (e.g., cannot manage site permissions or site settings).\\ |
| \\ |
| This permission allows the app to:\\ |
| • Access all SharePoint sites in the tenant.\\ |
| • Create, read, update, and delete\\ |
| • Files and folders\\ |
| • Lists and list items\\ |
| • Libraries and site content structures\\ |
| \\ |
| Navigate to __API Permissions__. Click on __Add a permission__ button. Select __SharePoint__. Then select __Delegated Permission__. Search for AllSites and check the flag __AllSites.Manage__.\\ |
| \\ |
| ---- |
| __c.) SharePoint.Sites.Selected__: The __Sites.Selected__ permission allows an app to access only the specific SharePoint sites you explicitly authorize. __⚠️ Important:__ The application must first be registered in Azure AD with the Sites.Selected application permission. More information is available at the following link: [Managing SharePoint Site Access for Applications Using Sites.Selected Permission|CrushTaskExample19].\\ |
| \\ |
| Navigate to __API Permissions__. Click on __Add a permission__ button. Select __SharePoint__. Then select __Delegated Permission__. Search for Sites and check the flag __Sites.Selected__.\\ |
| \\ |
| At line 218 added one line |
| ---- |
| At line 179 changed one line |
| Grant __Admin consent__ for the newly added permission.\\ |
| ⚠️ Grant __Admin consent__ for the newly added permission.\\ |
| At line 183 changed one line |
| __Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the value immediately!\\ |
| __Secret key__: A new client secret must be created. Go to __Certificates & secrets__, and generate a new client secret by clicking on __New client secret__. ⚠️ Ensure you copy over the __value__ immediately!\\ |
| At line 226 added one line |
| [attachments|new_secret.png]\\ |
| At line 228 added 18 lines |
| [attachments|secret_value.png]\\ |
| \\ |
| __SharePoint2 remote item settings:__\\ |
| \\ |
| __⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\ |
| \\ |
| Click on __Get Refresh Token__.\\ |
| Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID, and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID).\\ |
| click the __OK__ button and proceed with the authentication and authorization process.\\ |
| __⚠️ Important__: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above.\\ |
| This will automatically configure the username and password in the VFS item settings. After that, proceed with the SharePoint site-specific configuration.\\ |
| \\ |
| Tennant: See at App Registration -> Overview -> Directory (tenant) ID. Based on the App Registration Account type it can be an ID, common, or consumer.\\ |
| \\ |
| Provide the SharePoint-specific settings. See under the __1.3.Sharepoint-specific settings.__ ( [Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SharePoint%20Integration#section-SharePoint+Integration-1.3.SharepointSpecificSettings])\\ |
| \\ |
| [attachments|sharepoint2_refresh_token_vfs_item.png]\\ |
| \\ |
| At line 188 changed one line |
| __!!!Constraint:__ On newer Sharepoint (after 2019) Grant App permission as it is disabled by default. To enable Custom Application APP Authentication run the following PowerShell commands:\\ |
| __⚠️ Constraint:__ On newer Sharepoint (after 2019) Grant App permission as it is disabled by default. To enable Custom Application APP Authentication run the following PowerShell commands:\\ |
| At line 288 added one line |
|
| At line 290 added one line |
| |
| At line 247 changed one line |
| __Drive name__: Each SharePoint site has a document library where the site-related files are stored. See [https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide its name\\ |
| __Drive name__: Each SharePoint site has a Document Library where the site-related files are stored. See [SharePoint: Documents and Libraries Description Link|https://support.microsoft.com/en-us/office/what-is-a-document-library-3b5976dd-65cf-4c9e-bf5a-713c10ca2872] Provide its name\\ |
