Before you can extract Microsoft SharePoint Online catalog source metadata, complete prerequisite tasks.
Ensure that the following prerequisites are met:
•Verify permissions
•Verify authentication
•Create a connection in Administrator
Verify permissions
To extract metadata and to configure other capabilities that a catalog source might include, you need account access and permissions on the source system. The permissions required might vary depending on the capability.
Permissions for metadata extraction
To extract Microsoft SharePoint Online metadata, you need account access and permissions to the Microsoft SharePoint Online source system.
Verify that the administrator performs the following tasks:
•Can connect to the Microsoft SharePoint Online account to access the Microsoft SharePoint Online application.
•Configures the Microsoft SharePoint Online connector.
•Grants read permission for Site and its contents, such as Subsite and Document Library.
Permissions to run data classification
You can perform data classification with the permissions required to perform metadata extraction.
Permissions to run glossary association
You can perform glossary association with the permissions required to perform metadata extraction.
Verify authentication
Before you use the Microsoft SharePoint Online connector, you must generate the client ID, client secret, bearer realm, authorization code, and refresh token that are required to establish a Microsoft SharePoint Online connection.
To generate the client ID and client secret, create a Microsoft SharePoint Online account to access the Microsoft SharePoint Online application. You must enable the Google PostMan application plug-in to generate the bearer realm, authorization code, and refresh token in the Google PostMan application.
Complete the following prerequisite tasks:
1Generate the client ID and client secret.
2Generate the bearer realm of your site.
3Generate the authorization code.
4Generate the refresh token.
Generate the Client ID and Client Secret
The client ID and client secret are required to generate a valid access token.
Perform the following steps to generate the client ID and client secret:
1Log in to the Microsoft Sharepoint Online account.
The value of the client ID is displayed in the Client Id field. The following image shows the App Information page where you can generate the values of the client ID and client secret:
4Click Generate next to the Client Secret field.
The value of the client secret is displayed in the Client Secret field.
5Enter an appropriate title for the App in the Title field.
6Enter an app domain name in the App Domain field.
For example, www.google.com
7Enter a URL in the Redirect URL field.
For example, https://localhost/. You must enter the same redirect URL in the connection property.
8Click Create.
The page redirects to the Microsoft Sharepoint Online page and the following message appears:
The app identifier has been successfully created.
The values of the client Id, client secret, title, and redirect URL are displayed.
Generate the Bearer Realm
A bearer realm is a unique ID provided for each user. You must generate the bearer realm to obtain the authorization code.
Perform the following steps to generate the bearer realm:
1Open the Google PostMan application.
2Enter the following site or subsite URL in the Google PostMan application:
For example, https://icloudconnectivitydev.sharepoint.com/_layouts/15/oauthauthorize.aspx?client_id=ecea5b1b-80e4-4f3e-a269-48b85c1797a8& scope=AllSites.Manage&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2F
For example, //informaticaone.sharepoint.com/sites/TEST/_layouts/15/oauthauthorize.aspx?client_id=ecea5b1b-80e4-4f3e-a269-48b85c1797a8& scope=AllSites.Manage&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2F
2Click Trust it to grant the application read access to the current site after the page redirects to the redirect URL page that you specify in the connection property.
The redirect URL page includes the authorization code as a query string in the following format:
https://<redirect_url>/?code=<authcode>
The following image shows the authorization code as a query string in the URI:
Note: The authorization code generated is valid only for five minutes.
Generate the Refresh Token
A refresh token is required to perform the POST and GET methods in the Google PostMan application. After you generate a refresh token, it is valid for six months.
Perform the following steps to generate the refresh token:
1Enter the following URL in the Google PostMan application:https://accounts.accesscontrol.windows.net/<bearer_realm>/tokens/OAuth/2
The following image shows the Normal tab in the Google PostMan application where you can configure the properties to generate the refresh token:
2Select the POST method.
3On the Header tab, enter Content-Type in the Key Name field and application/x-www-form-urlencoded in the Value field.
4On the Body tab, enter the xml request in the following format:
grant_type=authorization_code &client_id=<client_id>@<bearer_realm> &client_secret=<client_secret> &code=<auth_code> &redirect_uri=<redirect_url> &resource=< audience principal ID >/<site_host>@<bearer_realm>
5Click Send.
The refresh token is generated in the Response tab. The following image shows the Response tab where the refresh token is generated:
Create a connection
Before you configure the Microsoft SharePoint Online catalog source, create a connection object in Administrator.
1In Administrator, select Connections.
2Click New Connection.
3Enter the following connection details:
Property
Description
Connection Name
Name of the connection.
Each connection name must be unique within the organization. Connection names can contain alphanumeric characters, spaces, and the following special characters: _ . + -,
Maximum length is 255 characters.
Description
Description of the connection. Maximum length is 4000 characters.
Type
Sharepoint Online
Runtime Environment
The name of the runtime environment where you want to run tasks.
4Select the Access Control Service authentication type to connect to Microsoft SharePoint Online and enter the required properties.
5Click Test Connection.
Access Control Service Authentication
You can use the Access Control Service authentication to access the SharePoint API.
The following table describes the basic connection properties for Access Control Service authentication:
Property
Description
Account types
The tenant that you want to use to access the application.
Select None.
Single tenant id
Required only when you select the Single tenant account type.
The unique ID of the organization to manage and control access to resources, applications, devices, and services.
Client_Id
Client ID of Microsoft SharePoint Online required to generate a valid access token.
Client_Secret
Client secret of Microsoft SharePoint Online required to generate a valid access token.
Refresh_Token
Refresh token of Microsoft SharePoint Online.
Redirect_URL
URL where you want to redirect from the Microsoft SharePoint Online account.
URL
URL to the Microsoft SharePoint Online account.
Attachment_File_Path
Directory on the Secure Agent machine where you want to download or attach files to Microsoft SharePoint Online.
The following table describes the advanced connection properties for Access Control Service authentication:
Property
Description
Subsite_URL
URL of the Microsoft SharePoint Online account within the Microsoft SharePoint site.
If you do not enter a subsite URL, the Microsoft SharePoint Online Connector reads the files from the URL that you specify in the URL property.
