Background

CentreStack supports connecting to SharePoint Online document libraries via CentreStack Team Folders. In this way, SharePoint Online document libraries may be viewed in via the CentreStack drive letter, or in the CentreStack portal, alongside other CentreStack Team Folders.

Known Limitations

• CentreStack build 9.2.5126.40535 or later is required.
• SharePoint Online Document Libraries are per CentreStack tenant

Configuration

1. Login as the CentreStack cluster admin or tenant admin.
2. From the Dashboard click on the tenant that will be configured for SharePoint Online access.
3. On Tenant Dashboard, click Settings, Sharepoint Online Integration
4. Click Edit
5. Copy the text in the Callback URL Paste it into a text editor for now.
6. Sign into https://portal.azure.com as a global administrator for the Azure AD tenant.
7. Click Microsoft Entra ID under Azure services
8. In the next blade click App registrations:
   
   
9. In the next blade click New registration:
   
10. In the Register an application blade use these settings:
    Name: AccessSharePointFromCentreStack
    Supported account types:  Accounts in this organizational directory only (hadroncloud only - Single tenant)
    Redirect URI: Web: <the Callback URL from the CentreStack Sharepoint Online Integration in step 5>
    
    
11. Click the Register button at the bottom of the Register an application blade.
12. The CentreStack configuration requires the Application ID and Tenant Id (Directory Id). Click on the Overview node in the app registration blade and copy the Application (client) ID and Directory (tenant) ID to the clipboard and paste both values into a text editor.
    
13. In the Branding & properties node,  update the Home page URL with the Callback URL from the CentreStack portal then click the Save button:
    
14. In the app registration blade, click on the  API permissions node then click the Add a permission button:
    
15. Click on the SharePoint card:
    
    
    
16. In the Request API permissions blade, click the Delegated permissions card:
    
17. Expand the AllSites node and enable the AllSites.Read and AllSites.Write options. Expand the MyFiles node and enable the MyFiles.Read and MyFiles.Write options then click the Add permissions button:
    
18. Go back to the app registration blade, click on the  API permissions node then click the Add a permission button again. Then select 'Microsoft Graph'
19. Select Application Permissions
20. Scroll down to Organization and check the setting 'Organization Read All' and click 'Add Permissions.
21. Permissions should show like this now, make sure you see the green checkmark for 'status' if not click 'Grand Access' at the top and grand it access. 
22. In the app registration blade, click on the Expose an API node, then click the Add a scope button.
23. In the Add a scope blade, click the Save and continue button:
    
24. In the Add a scope blade make sure to enable Admins and users in the Who can consent option. Other text fields are arbitrary:
    
    Click the Add scope button once the Add a scope blade is filled in.
25. Back in the app registration blade, click on the Certificates & secrets node then click the New client secret button:
    
26. In the Add a client secret blade, type some text in the Description such as Secret (the value is arbitrary). The Expires option allows you to configure how long until the password expires. Select an Expires value appropriate for the security requirements for your organization then click the Add button:
    Keep in mind that if you set an expiration time for the client secret, after it expires, need to create a new client secret and re-configure the Sharepoint Online Integration on Centrestack, to use the new secret value.
27. The value of the secret will be generated automatically. Click the Copy to clipboard icon:
    
28. Paste the secret into an text editor and verify that the value in the text editor matches the Azure portal.
29. Login as the CentreStack cluster admin or tenant admin.
30. From the Dashboard click on the tenant that will be configured for SharePoint Online access.
31. Click on the Settings, Sharepoint Online Integration
32. Click Edit
    1. Scroll down to Sharepoint Online and click the option to enable it.
    2. In the Client ID field paste in the value from Azure AD's Application (client) ID
    3. In the Client Secret field paste in the value from Client secret Value field.
    4. In the Tenant Id, use the text corresponding to the Directory (tenant) ID from the Azure portal.
       
    5. Click Apply at the upper right of the page to save the settings.
33. Click on TENANT DASHBOARD at the top of the page.
34. Click on Create Team Folder:
    
35. Click on Cloud Storage:
    
36. Click on SharePoint Online:
    
37. In the Folder name field, specify the folder name. Centrestack will create a root folder with the name specified here. Click Next:
    
38. Click on Get Authorization Code:
    
39. Enable the Consent on behalf of your organization option then click the Accept button:
    
40. If Authentication Code is not auto pasted to the configuration page, click 'Copy to Clipboard', to copy the code. Close the authentication window and paste it to the code field back in the configuration window. Click Authorize.
41. Once Authorized, click 'SharePoint site' field. Centrestack will load the existing sites automatically.
42. Click on drop down menu next to SELECT, to show the list of document libraries under the site. The corresponding URL will show next.
43. Click Finish
44. Click Add Collaborator:
    
    
45. Add the appropriate users or groups, then click the Save icon:
    
    
46. The collaborators you added will have the new Team Folder in their CentreStack drive.