Preparing to use SharePoint Online Connector (6.1)

This article provides steps to follow to ensure a successful set-up of the SharePoint Online Connector (SPOC).

Important: You cannot configure the SharePoint Online Connector app to work with two different instances of Records Management. You must provide distinct Microsoft 365 tenants to accomplish this requirement.

For example,

• https://test-company.sharepoint.com registered to https://records.gimmal.build

• https://company.sharepoint.com registered to https://records.gimmal.cloud

Ensure a SharePoint App Catalog has been created

To enable the deployment of an App Package to SharePoint Online, an App Catalog must exist to host the App Packages. If an app catalog does not exist for your tenancy, follow the guidance from the Microsoft documentation.

Configure the Azure AD (Entra ID) App Registration

Overview

To connect the SharePoint Online Connector to your Microsoft 365 environment, you need to create an application registration in Azure AD (Entra ID) and grant it permissions to access SharePoint sites.

• These instructions are provided for convenience. Please contact your Microsoft 365 Azure Administrator or SharePoint Online administrator for assistance with completing these tasks.

• The screenshots below are provided as a guide for your convenience. Microsoft may have made changes to the administrative portal since publication.

Prerequisites

• Global Administrator or Application Administrator role in Azure AD

• Access to the Azure Portal (https://portal.azure.com)

Step 1: Obtain an X.509 Certificate

Gimmal Records SharePoint Online Connector only supports certificate authentication. A valid x.509 certificate is required. The certificate must allow for an exportable private key.

Export the certificate in both .CER and .PFX formats, including the private key.

• For production environments, we strongly recommend that you acquire a certificate from a public Certificate Authority. For non-production environments, you may use a self-signed certificate.

• Please see this article and this article for more information on X.509 certificates

Step 2: Register the application in Microsoft Entra

An application registration for the Gimmal Records SharePoint Online Connector must be created in the Entra ID portal.

2.1 Open Entra (formerly Azure AD) Portal

1. Navigate to https://entra.microsoft.com

2. Sign in with your administrator account

3. Click App registrations in the left menu under Entra ID

   

4. Click + New registration at the top of the application list

   

2.2 Create the application

Fill in the registration form:

Field	Value
Name	SharePoint Online Connector
Supported account types	Accounts in this organizational directory only
Redirect URI	Select the ‘Web' option for the platform. Enter the SPO Connector you plan to use with a format of Url + /signin-oidc (e.g. https://hostname:port/signin-oidc)

Click Register.

The App Registration Overview screen will appear.

2.3 Save application details

After registration, from the overview screen, copy and save the following values. They will be needed in future steps:

• Application (client) ID (A)

• Directory (tenant) ID (B)

Note: Keep these values in a secure location - you’ll enter them in the SharePoint Online Connector configuration.

2.4 Add Users to Manage SPOC (in Entra)

This section outlines how users who manage and configure the SharePoint Online Connector are added to the application registration in Entra.

Note: These should be administrative users who are responsible for managing the connector and troubleshooting when needed.

1. Click the Enterprise Apps tab in the left-hand menu of the Entra Admin Center

2. Find your SharePoint Online Connector app and select it

3. Select Users and groups from the Manage menu

4. Select users or groups who will be administering the SharePoint Online Connector application
   

Step 3: Configure Permissions

Continuing in Entra Portal, this step will configure the permissions required by the application registration.

3.1 Add API permissions

1. Click API permissions under Manage (C)

2. Click + Add a permission

3. Select Microsoft Graph

4. Select Application permissions

3.2 Select required permissions

1. Search for and add each of these permissions:

2. ✅ Sites.ReadWrite.All

3. ✅ Files.ReadWrite.All

4. Click the Add permissions button after selecting both options

3.3 Add SharePoint permissions

1. Click API permissions under Manage

2. Click + Add a permission

3. Select SharePoint

4. Select Application permissions

3.4 Select required permissions

1. Search for and add each of these permissions:

2. ✅ Sites.FullControl.All

3. Click Add permissions after selecting.

3.5 Grant admin consent

1. Click Grant admin consent for [Your Organization]

2. Click Yes to confirm

3. Verify: You should see green checkmarks in the Status column for the selected permissions.
   

3.6 Upload certificate

1. Click Certificates & secrets under Manage

2. Click the Certificates tab

3. Click Upload certificate.

4. In the right panel, click Select a file.

5. Select the .CER file that was obtained in Step 1.

6. Click Add.

7. Verify the Thumbprint, Start date, and Expires.

Security reminders

• 🔒 Keep your Client Certificate secure - treat it like a password

• 📅 Set a calendar reminder to renew the certificate before it expires

Need help?

Please contact Morae Support for assistance.