Sharepoint

Create Azure App

First an Azure app registration is needed to gain API access to the SharePoint data. This is done in the Azure Portal and require an Administrator to set up.

Direct link: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
AzureSharePoint
Click on "New registration".

Under "Name" write "Infoscreen".

Under "Supported account types" select "Accounts in this organizational directory only (Destino AS only - Single tenant)".

Under "Redirect URI (optional)" select platform "Web" and insert this Redirect URL: "https://accounts.destinet.no/auth/identity/gateway". Then add another Redirect URI, select "Web" and insert this Redirect URL: "https://accounts.destinet.no/auth/identity/office365gateway".

Click on the "Register" button.

You will now be taken to the new App overview page.
AzureSharePoint3

Copy "Application (client) ID" and "Directory (tenant) ID" and save for later.

Then select "API permissions".

We will be using "Delegated permissions" for the API access.

Under "Microsoft Graph" select:
  • User.Read
  • Group.Read.All
  • Files.Read.All
  • Sites.Read.All

Under "SharePoint" select:
  • AllSites.Read
  • Sites.Search.All
  • User.Read.All
AzureSharePoint4

Then select "Certificates & secrets".

 
AzureSharePoint5

Click on "New client secret".

Give a "Description" to the client secret. Select 24 months in "Expires" and click "Add".

Click on the copy icon for the Client Secret "Value" and store it together with the Application and Tenant IDs.

 

Create user

Destinet/Exposer/D:Signage communicates with SharePoint using an Azure user. Using deligated access the content that the infoscreen has access to is limted to the permissions that user has. It is then recommended to create a specific "Infoscreen" user that you assign only the nessesary permissions to. For example only assign access to the Sites that you want to show on the Infoscreen.

For this purpose the user only need a Microsoft licence for SharePoint access.
 

Generate refresh and acces token

To generate a refresh token/access token this information will be inserted into Destinet/Exposer/DSignage:
  • Application ID
  • Tenant ID
  • Tenant Name
  • Client Secret
  • Domain

This will generate a token request URL. The administrator that created the Infoscreen user will receive this link and run this in a incognito browser session. He will then login using the Infoscreen user and password and will be redirected to a DSignage url where a Token is generated.