This document provides information for Getvisibility customers about creating a SharePoint Connector app, which is required for the Focus product to connect to the customer's SharePoint Online (SPO) accounts.

This in turn allows Focus to access files stored in SPO for classification and usage reporting purposes.

Prerequisites:

  • IP of the Focus Server installation

  • If a proxy is enabled in the network, ensure SharePoint is excluded from SSL inspection (SSL bypass).

Registering an Azure App:

  • Log in to the Azure Portal

  • Choose your Azure AD Tenant (you can pick from the top right corner of the page)

  • Click on App Registration and select New Registration

  • On the App Registration page, enter the information below and click the Register button

    • Name: (Enter a meaningful application name that will be displayed to users of the app)

    • Supported account types:

      • Select which accounts you would like your application to support. You should see options similar to those below. You can select “this organizational directory only”:

      • Redirect URIs: Select the type of app as Web and then enter the redirect URI (or reply URL) as https://localhost

      • Click [Register]

  • Add another redirect here

  • Add the following URIs to the list:

  • Check Access tokens (used for implicit flows) under Select the tokens you would like to be issued by the authorization endpoint section.

  • In the Azure portal, in App registrations, select your application

  • Select Certificates & secrets > New client secret

  • Add a description for your client secret

  • Select an expiration for the secret or specify a custom lifetime

  • Client secret lifetime is limited to two years (24 months) or less. You can't specify a custom lifetime longer than 24 months.

  • Microsoft recommends that you set an expiration value of less than 12 months.

  • Select Add

  • Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page. As a result, you will have the client secret.

Getting API permissions to the app:

  • In the Azure portal, in App registrations, select your application

    • Select API Permissions > Add a permission

    • Select SharePoint from the list, then Delegated permissions

    • Select AllSites.Read under AllSites section and click on Add permissions
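
The following check is an added example, not part of the Getvisibility documentation: it audits an exported app registration against the settings described in the steps above (single-tenant audience, HTTPS redirect URI, client secret lifetime, delegated-only permission). Field names follow the Microsoft Graph application resource; the sample values and the audit_app helper are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: field names follow the Microsoft Graph "application"
# resource; every value (dates, GUIDs) is a made-up placeholder.
SAMPLE_APP = json.loads("""
{
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://localhost"]},
  "passwordCredentials": [
    {"startDateTime": "2024-02-14T10:00:00Z", "endDateTime": "2026-02-13T10:00:00Z"}
  ],
  "requiredResourceAccess": [
    {"resourceAppId": "00000000-0000-0000-0000-00000000aaaa",
     "resourceAccess": [
       {"id": "00000000-0000-0000-0000-00000000bbbb", "type": "Scope"},
       {"id": "00000000-0000-0000-0000-00000000cccc", "type": "Role"}
     ]}
  ]
}
""")

def _ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-02-14T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_app(app, now, max_secret_days=365):
    """Return findings where the registration deviates from the steps above."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("audience: not limited to this organizational directory")
    for uri in app.get("web", {}).get("redirectUris", []):
        if not uri.startswith("https://"):
            findings.append(f"redirect: non-HTTPS URI {uri}")
    for cred in app.get("passwordCredentials", []):
        start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
        if end <= now:
            findings.append("secret: expired, the connector can no longer authenticate")
        elif end - start > timedelta(days=max_secret_days):
            findings.append("secret: lifetime exceeds the recommended 12 months")
    perms = [p for r in app.get("requiredResourceAccess", []) for p in r["resourceAccess"]]
    if any(p["type"] == "Role" for p in perms):
        findings.append("permissions: application (Role) permission present, guide uses delegated only")
    if sum(p["type"] == "Scope" for p in perms) > 1:
        findings.append("permissions: more than one delegated scope requested")
    return findings

if __name__ == "__main__":
    for line in audit_app(SAMPLE_APP, datetime(2024, 3, 1, tzinfo=timezone.utc)):
        print(line)
```
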

Getvisibility UI

A connection can now be configured in the UI using the previously obtained information.

Files Scan

Navigate to Administration > Connections > SharePoint Online

Select New Scan.

In the modal window enter your credentials.

Name: The name of the scan to distinguish it from others

Directory ID: Obtained in previous steps

Application ID: Obtained in previous steps

Client Secret Value: Obtained in previous steps

Site and path: Once the above credentials are entered you can navigate through the sites and folders

Data Owner: If you have owners configured in your system for DSPM select one here

Geographic Location: If you know the jurisdictions where the data should legally reside enter them here

When done, select Save.

You can now start the scan by selecting the icon shown below:

User Scan

Navigate to Administration > Connections > Azure AD

Select New Scan:

Enter the same credentials obtained above.

Start the scan by selecting the icon shown below.
