Configure app within M365 - Application based permissions (recommended)
The preferred method to authenticate with the graph api is via application based permissions.
Using M365 SharePoint as a Gimmal Link Enterprise repository you will need to ensure that the Enterprise Connector is configured and able to connect to the Microsoft graph API. You must create an enterprise application via the Microsoft Azure portal to complete this procedure. This will require an account with appropriate level of permissions to grant correct access rights to a user (connector user) using the graph API when inside the azure portal.
You can either self-grant access or have an admin grant access to the graph API and its corresponding access rules inside the azure portal if and only if that user has authority to grant access to those rules.
The following steps below outline this process:
i. Visit https://portal.azure.com/ then login using an appropriate account.
ii. Click on Active Driectory, then click on App Registrations and click on new registration.
Name the application GimmalLinkENT_suffix (Either DEV, TEST,PROD) depending on environment provisioning.
Select single tenant.
Click register.
Click Api Permissions under Manage.
Click Add Permissions.
Select Microsoft Graph, and then select application permissions.
Type "Sites" in the search and select Sites.FullControl.All and Sites.Manage All for permissions.
(Creating site permissions requires Sites.FullControl.All)
If you want to do permissions granularly at the site level follow, you may choose Site.Selected. Please reference this guide from Microsoft for site level permissions. https://learn.microsoft.com/en-us/graph/api/site-post-permissions?view=graph-rest-beta&tabs=http (We have also included a summary of the site level permissions here)
Click Grant admin consent for GimmalLinkENT_suffix
Click certificates and secrets.
Click new client secret
Type in for the description GimmalLinkENT_suffix. (Where the suffix is DEV/TEST/PRD.
Select the appropriate expiry time.
Save the Value which is the secret required to configure the Gimmal Link Enterprise middleware later.
CLick on manifest and change "allowPublicClient" to true and click save. (not required app based permissions)
Click on overview and save the following information. App ID, and tenant ID.
Secret Id
Configure Gimmal Link Enterprise in middleware GUI:
- Visit http://localhost:82 (enter the default user and password).
- Click "Sharepoint Online"
- Click "Add Row"
- Enter the saved details in the previous page and enter them in the correct locations.
- Click test connection. If "Success" is displayed the configuration has was done correctly.
These are only sample values in screenshot. (replace with actual values from steps above)