User-based authentication


If you use user-based authentication, the following settings must be made in your Azure registration:

1. Select API Permissions in the left navigation list and click Add Permission.

Select SharePoint as the API.

Under Delegated Permissions, configure the permissions you want the user to delegate to UltraSearch, and confirm the changes using the Done button.

o If a permission has not been granted here, the user cannot use UltraSearch to perform the associated action, even if the user would be allowed to do so in the web interface.

o If a permission has been granted here, but not to the actual user, the associated action still fails (the user does not gain any additional privileges).

o To access SharePoint pages, the AllSites.Manage permission is required.

o If you want to restrict the access to document libraries only, the AllSites.Read permission is sufficient.

o To scan all site collections connected to a site, the privilege 'Sites.Search.All' is required.

o To allow the user to upload files, the privileges 'Read and write user files' and 'Read and write items and lists in all site collections' may be required.

Click on Grant permissions to apply the changed permissions to your account.

Depending on which permissions you selected, the changes need to be approved by an administrator (grant admin consent).

2. To use SSO for domain-joined Windows (Windows Integrated Auth Flow) or user credentials entered via UltraSearch, enable the option Allow public client flows under Authentication -> Advanced settings.

    [Screenshot: Azure advanced settings]
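The two rules in step 1 (an action is blocked when its permission is not delegated, and a delegated permission never gives the user rights they lack in SharePoint) can be checked against an access token. The following Python code is an added example, not UltraSearch or Microsoft code: it reads the `scp` claim of a delegated token and combines it with the user's own rights. The action names, the `user_allowed` input, the sample token and the reading that AllSites.Manage also covers document libraries are assumptions made for illustration; the upload permissions are left out because the page names them only by display name.

```python
import base64
import json

# Mapping from the permission list above. Action names are labels made up here;
# letting AllSites.Manage also cover document libraries is an assumption.
ACTION_SCOPES = {
    "scan_pages": {"AllSites.Manage"},
    "scan_document_libraries": {"AllSites.Read", "AllSites.Manage"},
    "scan_connected_site_collections": {"Sites.Search.All"},
}


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload for inspection only (signature is NOT verified)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def delegated_scopes(claims: dict) -> set:
    """Delegated (user-based) tokens carry a space-separated 'scp' claim."""
    return set(claims.get("scp", "").split())


def effective_actions(claims: dict, user_allowed: set) -> dict:
    """An action works only if a matching scope was delegated AND the user
    already holds the right in SharePoint; consent never adds user rights."""
    scopes = delegated_scopes(claims)
    result = {}
    for action, accepted in ACTION_SCOPES.items():
        if not scopes & accepted:
            result[action] = "blocked: scope not delegated"
        elif action not in user_allowed:
            result[action] = "blocked: user lacks SharePoint permission"
        else:
            result[action] = "allowed"
    return result


def make_sample_token(scp: str) -> str:
    """Constructed, unsigned sample token so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"scp": scp, "upn": "user@example.com"}), ""])


if __name__ == "__main__":
    claims = token_claims(make_sample_token("AllSites.Read Sites.Search.All"))
    for action, status in effective_actions(claims, {"scan_pages", "scan_document_libraries"}).items():
        print(f"{action}: {status}")
```

A token without an `scp` claim (for example an app-only token, which carries `roles` instead) reports every action as blocked, because nothing was delegated on behalf of a user.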

User permissions and permission levels in SharePoint Server

In order for a user to be able to scan SharePoint pages using UltraSearch, the user must be granted certain permissions in SharePoint.

On the pages a user is allowed to scan, the user needs a permission level that contains the website permission "Browse directories".

If the standard permission levels are to be used, the user needs at least the permission level "Contribute" on these pages.

Please note that the "SharePoint admin" role does not automatically grant a user access to all websites. If a SharePoint admin should be able to use UltraSearch to scan SharePoint sites, please check the assigned permission levels here as well.

Problems with authentication

If a user is not able to connect to SharePoint via UltraSearch despite the assigned permissions, please check whether this user has a valid Office 365 license with access to the Microsoft Graph API (e.g. Office 365 E3).