Configuring the Microsoft SharePoint Online plug-in

IBM Content Navigator works with Microsoft SharePoint Online so that you can browse, search, and work with repository documents from your Microsoft SharePoint Online environment. If you are using Microsoft SharePoint Online, you can add repository documents to Microsoft SharePoint Online sites.

Choose the Azure AD tenant where you want to create your applications

  1. Sign in to the Azure portal.
  2. If your account is present in more than one Azure AD tenant, select your profile in the menu at the upper right of the page. Then, select switch directory. Change your portal session to the Azure AD tenant that you want.
  3. In the portal menu, select the Azure Active Directory service. Then, select App registrations.

Register the client application

  1. Go to the Microsoft identity platform for developers App registrations page.
  2. Select New registration.
    1. In the Name section, enter an application name that is displayed to users of the application. For example, ibm-navigator-sharepoint.
    2. In the Supported account types section, select Accounts in this organizational directory only ({tenant name}).
    3. Click Register to create the application.
  3. On the application Overview page, find the Application (client) ID and Directory (tenant) ID values and record them for later. You need them to configure the plug-in at your IBM Content Navigator system in the Microsoft SharePoint Online Plug-in page.
  4. In the Application menu blade, click the API permissions on the left to open the page to add access to the APIs that your application needs.
    1. Click Add a permission and check that the Microsoft APIs tab is selected.
    2. In the Commonly used Microsoft APIs section, click SharePoint.
    3. In the Application permissions section, verify that the right permissions are checked: Sites.ReadWrite.All
    4. Click Add permissions.
  5. At this stage, the permissions are assigned correctly. However, since the client application does not allow users to interact, the users cannot consent to these permissions. To get around this problem, the tenant administrator can consent on behalf of all users in the tenant. Click Grant admin consent for {tenant}. Then, select Yes when you are asked if you want to grant consent for the requested permissions for all accounts in the tenant. Only the tenant administrator can grant consent.

Create a private key and certificate

The SharePoint Online plug-in requires a private key in PKCS8 format and a certificate in X509 format.

Keys and certificates are generated in many ways. As an example, the following are console commands to generate the key and cert by using OpenSSL.

Generate the private key in PEM format (used to make the certificate) and create a PKCS8 version (used by the sample application).
openssl genrsa -out private_key.pem 2048
openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem -nocrypt > pkcs8_key
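Create a certificate signing request from the private key, then generate a self-signed certificate from it. Do not generate the key again at this step, because the certificate must match the key that was converted to PKCS8.
openssl req -new -key private_key.pem -out cert.csr
openssl x509 -req -days 365 -in cert.csr -signkey private_key.pem -out cert.crt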

Go to the Azure portal. In the Application menu blade, click Certificates & secrets. In the Certificates section, upload the certificate that you created. You also need to add the certificate and key to a file system location where IBM Content Navigator can access them. For Cloud Pak for Business Automation, add the files to the configDropins/overrides directory for your Navigator pod.
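The following script is an added example, not part of the original IBM procedure. It runs the key and certificate steps above non-interactively and then checks, before upload, that the PKCS8 key and the certificate belong together. The function names, the certificate subject, and the umask are assumptions; the file names are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example: generate the key and certificate, then verify them before upload.
# Assumptions: function names, subject CN and umask are illustrative choices.

# Create private_key.pem, pkcs8_key, cert.csr and cert.crt in directory $1.
make_key_and_cert() {
    ( cd "$1" || exit 1
      umask 077   # -nocrypt leaves the key unencrypted on disk: owner-only access
      openssl genrsa -out private_key.pem 2048 2>/dev/null &&
      openssl pkcs8 -topk8 -inform PEM -outform DER \
              -in private_key.pem -nocrypt -out pkcs8_key &&
      openssl req -new -key private_key.pem \
              -subj "/CN=ibm-navigator-sharepoint" -out cert.csr &&
      openssl x509 -req -days 365 -in cert.csr \
              -signkey private_key.pem -out cert.crt 2>/dev/null
    )
}

# Return 0 only when certificate $2 carries the public key of PKCS8 DER key $1.
# Returns 2 when either file cannot be parsed, so a read error never looks like a match.
key_matches_cert() {
    key_pub=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Print the SHA-1 thumbprint of certificate $1 as 40 hex characters, for
# comparison with the thumbprint the Azure portal lists after the upload.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# Return 0 when certificate $1 expires within $2 days (time to rotate it).
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}
```

Run key_matches_cert on the exact files you copy to the IBM Content Navigator file system; a mismatch means the key was regenerated after the PKCS8 conversion and the uploaded certificate will not correspond to the key the plug-in uses.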