SharePoint Online Connector Configuration (Modern Auth)
This article describes the steps needed for configuring the SharePoint Online Connector (SPOC).
If you have not yet created an App Registration, please follow the steps found here before proceeding to configuration options.
1. Log in to SPOC Administrator Web Portal
Prior to accessing the SPOC administrator portal for configuration updates, an administrator account must be set up with Gimmal Professional Services or the Technical Support teams.
This administrator account must be used for the first login.
This administrator account can be used to provision new users as well as manage any aspect of the connector.
Administrator account information should be kept secure.
The URL to access Gimmal Hosted SPOC is based on your Region and Deployment environment. Please see the table below.
Navigate to the correct URL (see table below) and log in to the SPOC web portal using the administrator account set up in conjunction with Gimmal Support.
Region | Test | Production |
Canada | https://spo-records-ca.gimmal.cloud | https://spo-records-ca.gimmal.cloud |
United Kingdom | https://spo-records-uk.gimmal.cloud | https://spo-records-uk.gimmal.cloud |
United States | https://spo-records.gimmal.build | https://spo-records.gimmal.cloud |
(Optional) Provision new administrator accounts as needed. You will need to share any additional accounts with Gimmal Support to add them to the B2B collaboration for this site.
2. Configure Connection to Gimmal Records
This section configures the connection between the SharePoint Online Connector and Gimmal Records using a Service Account provisioned within Gimmal Records.
Gimmal Records Service Accounts:
Can be found and managed in the Gimmal Records Manager Web (aka Gimmal Records Core).
Are created and managed locally in the Gimmal Records Manager Web, and are identified on the ‘Secure’ page with an orange tile.
Are usually different from the SPOC Administrator account used to log into the SPOC Administrator portal. Even if this account has the same name, it may have a different password.
Do not need to be registered in Entra (Active Directory). These accounts are strictly used within Gimmal Records to facilitate communication with connectors or third-party services.
See Creating a Service Account for more details.

On the Admin Tab, choose Gimmal Records under Connection Configuration in the left panel (A)
Enter Configuration details:
URL: Enter the correct URL for the Gimmal Records Manager Web (B). See table below.
Username: The Username for the Gimmal Records Service Account (C). See notes above regarding Service Accounts.
Password: The password for the Gimmal Records Service Account (D). This must be the password associated with the listed username as set in the Gimmal Records Manager Web.
Click ‘Update’ to save the changes.
Proceed to the next section to configure the Microsoft Graph API connection.
Region | Test | Production |
Canada | https://records-ca.gimmal.cloud | https://records-ca.gimmal.cloud |
United Kingdom | https://records-uk.gimmal.build | https://records-uk.gimmal.cloud |
United States | https://records.gimmal.build | https://records.gimmal.cloud |
Note the ‘Test’ button (E) can be used to validate the URL and view available service accounts.
3. Configure Microsoft Graph API Connection in the SharePoint Online Connector
This section configures the connection to the Microsoft Graph API used to authenticate to SharePoint.
Click on ‘Microsoft Graph API’ in the left panel
Enter the Tenant ID and Client ID from the App Registration step:
Tenant ID: Your Azure AD Directory (tenant) ID (A)
Client ID: Your Azure AD Application (client) ID (B)

Click the ‘Save’ button (C)
An Upload Certificate button will appear. Click it to upload the .PFX version of the certificate file used during App Registration.
Upload the .PFX certificate file created during App Registration using the ‘Select File’ button (A)
Enter the certificate password (B)

Click the ‘Upload’ button to complete the certificate upload (C)
Verify the certificate thumbprint and expiration dates match the original (D)
Test Connection: Click “Test Connection” to validate authentication (E)
Save Configuration: Click ‘Update’ to save the settings (F)

Ensure the thumbprint of the uploaded certificate matches the thumbprint as listed in the App registration.
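The thumbprint and expiration check above can also be run locally on the .PFX before it is uploaded. The script below is an added example, not part of the vendor documentation or the SPOC product; it assumes the openssl CLI is installed and compares against the SHA-1 thumbprint that Entra lists for the App Registration certificate. The function names, file names, subject and password are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not vendor code). Requires the openssl CLI.
# The PFX password is read from $PFX_PASSWORD so it never appears in argv.

# Reduce any thumbprint spelling (colons, spaces, lowercase, invisible
# characters picked up when copying from a dialog) to bare uppercase hex.
normalize_thumbprint() { printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'; }

# Print the SHA-1 thumbprint of the client certificate inside a PFX.
pfx_thumbprint() {  # usage: pfx_thumbprint FILE
  local pem
  pem=$(openssl pkcs12 -in "$1" -passin env:PFX_PASSWORD -nokeys -clcerts 2>/dev/null) || return 2
  normalize_thumbprint "$(printf '%s\n' "$pem" | openssl x509 -noout -fingerprint -sha1 | sed 's/^.*=//')"
}

# Exit codes: 0 ok, 1 thumbprint mismatch, 2 PFX unreadable, 3 expiring soon.
check_pfx() {  # usage: check_pfx FILE EXPECTED_THUMBPRINT [MIN_DAYS]
  local actual min_days=${3:-30}
  actual=$(pfx_thumbprint "$1") || { echo "cannot open PFX (wrong password?)"; return 2; }
  [ "$actual" = "$(normalize_thumbprint "$2")" ] || { echo "thumbprint mismatch: $actual"; return 1; }
  openssl pkcs12 -in "$1" -passin env:PFX_PASSWORD -nokeys -clcerts 2>/dev/null |
    openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null ||
    { echo "expires within $min_days days"; return 3; }
  echo "ok $actual"
}

# Build a constructed self-signed certificate and PFX in directory $1, valid $2 days.
make_demo_pfx() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=spoc-demo.example" \
    -keyout "$1/demo.key" -out "$1/demo.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.pem" \
      -out "$1/demo.pfx" -passout env:PFX_PASSWORD
}

# Demo run on constructed input.
export PFX_PASSWORD='constructed-demo-password'
demo_dir=$(mktemp -d)
make_demo_pfx "$demo_dir" 365
# Stand-in for the value copied from the App Registration, in colon form.
expected=$(openssl x509 -in "$demo_dir/demo.pem" -noout -fingerprint -sha1 | sed 's/^.*=//')
check_pfx "$demo_dir/demo.pfx" "$expected" 30
rm -rf "$demo_dir"
```

For a real certificate, export PFX_PASSWORD and call check_pfx with the path to the .PFX and the thumbprint copied from the App Registration.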
Enabling Label-based Record Locking
Gimmal Records includes support for Label-based record locking using a Purview retention label. However, fully enabling this functionality requires additional configurations.
Enabling Label-based locking is a ‘one-way’ configuration. Once Label-based configuration has been enabled, rolling back is not supported.
Ensure that a Gimmal-specific label has been created in Purview before proceeding further.
This option is only available to organizations that have E5 (or equivalent) Microsoft licensing.
Only one label can be enabled for record-locking.
If your organization is currently using Purview retention labels for any purpose, do not enable label-based retention without first speaking with our subject matter experts.
Enable Label-based Record Locking
Please submit a ticket to Gimmal Support with a request to configure Label-based record locking. Please see caveats in the warning notes above.
Configure the Purview Label in SPOC
Log in to the SPOC Administrative Web
Go to Manage > Job Configuration
Edit the Job Details - Retention, if needed
On the Job Details page, enter the name of the Purview Label to use, then click Save

Note: If the Retention Label field is not present, please contact Gimmal Support.
Troubleshooting
Authentication Failures
Verify Tenant ID and Client ID are correct
Check that the certificate is properly uploaded and not expired
Ensure the app has the required Microsoft Graph permissions