Steps to gather the information needed to set-up the Getvisibility App and begin scanning a directory
This guide is presented to users in Getvisibility’s OneDrive Wizard.
Prerequisites
An admin user is required for scanning multiple users' onedrives. All references to user in these instructions assume admin.
Register Getvisibility in Azure Portal
...
Login to Azure Portal (http://portal.azure.com )
...
Choose your Azure Active Directory Tenant
...
Click on App Registration and Select New Registration
...
On the App Registration page enter below information and click Register button
■ Name: Enter a meaningful application name that will be displayed to users of the app
■ Supported account types:- Select which accounts you would like your application to support
■ Redirect URLs: Not required, can be left blank
■ Back in Azure Portal copy the Application (client) ID from the Overview page and enter it in the text box below
...
Where the wizard is not available, give this information to your Getvisibility representative.
Generate Client Secret for Getvisibility App
In the Azure portal, in App registrations, select your application
Select Certificates & secrets > New client secret
Add a description for your client secret
Select an expiration for the secret or specify a custom lifetime
Client secret lifetime is limited to two years (24 months) or less. You can't specify a custom lifetime longer than 24 months
Microsoft recommends that you set an expiration value of less than 12 months
Select Add
Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.
Take a note of the secret value.
...
Where the wizard is not available, give this information to your Getvisibility representative.
Get API permissions for the App
In the Azure portal, in App registrations, select your application
Select API Permissions > Add a permission
○ Select Microsoft Graph and application permissions
Directory.Read.All
Files.Read.All
Sites.Read.All
User.Read.All
○ Once the permission is added, grant admin consent to it
| Code Block |
|---|
{
"connectionType":"onedrive",
"data":{
"scanType": "files",
"adminUserId": "{{adminUserId}}",
"clientId": "{{clientId}}",
"tenantId": "{{tenantId}}",
"clientSecret": "{{clientSecret}}",
"id": "{{onedrive-configuration-guid}}"
}
} |
The GV App should now be registered. Please make sure to keep copies of the following information:
...
TenantId
...
Username
...
ClientID
...
This document provides information for Getvisibility customers about creating a OneDrive app, which is required for product to connect to customer’s OneDrive accounts.
This in return allows the customer to access files stored in organization’s OneDrive for classification and usage reporting purposes.
App registration
Before configuring OneDrive as a Data Source, you will need to register an App using Azure portal.
Please refer to the following document:
App permissions
After registering an App you will need to make sure it has correct permissions assigned.
Please refer to the following document:
Azure Permissions - Getvisibility App
Getvisibility UI
A connection now can be configured in the UI using previously obtained information.
Files Scan
Navigate to Administration > Data Sources > OneDrive
Select New Scan:
...
In the modal window enter your credentials:
Name: The name of the scan to distinguish it from others
Directory (tenant) ID: Obtained in previous steps
Application (client) ID: Obtained in previous steps
Client Secret Value: Obtained in previous steps
Path: Once the above credentials are entered you can navigate through folders
Data Owner: If you have owners configured in your system for DSPM select one here
Geographic Location: If you know the jurisdictions where the data should legally reside enter them here
When done select save.
You can now start the scan by selecting the icon shown below:
...