<< Click to Display Table of Contents >> Navigation: UltraSearch > Azure AD Configuration > user based authentication |
If you use user-based authentication, the following settings must be made in your Azure registration:
1.Select API Permissions in the left navigation list and click Add Permission.
•Select SharePoint as the API
•Under Delegated Permissions, configure the permissions you want the user to delegate to UltraSearch, and confirm the changes using the Done button.
oIf a permission has not been granted here, the user may not use UltraSearch to perform the affiliated action, even though he would be allowed to do so with the web interface.
oIf a permission has been granted here, but not to the actual user, an affiliated action would still fail (the user won't become any more privileges).
oTo access SharePoint pages, the allSites.Manage permission is required.
oIf you want to restrict the access to document libraries only, the AllSites.Read permission is sufficient.
oTo scan all site collections connected to a site, the privilege 'Sites.Search.All' is required.
oTo allow the user to upload files, the privileges 'Read and write user files' and 'Read and write items and lists in all site collections' may be required.
•Click on Grant permissions to apply the changed permissions to your account.
•Depending on which permissions you selected, the changes need to be approved by an administrator (grant admin consent)
2.In order to use the SSO for domain-joined Windows (Windows Integrated Auth Flow) or the user credentials entered via UltraSearch, the option Allow public client flows under Authentication -> Advanced settings needs to be enabled.
•A user needs a permission level on the pages he is allowed to scan, which contains the website permission "Browse directories".
•If the standard permission levels are to be used, the user needs at least the permission level "Contribute" on these pages.
•If a user is not able to connect to SharePoint via UltraSearch despite the assigned permissions, please check if this user has a valid Office 365 license with access to the Microsoft Graph-API (e.g. Office 365 E3).