In this article we'll cover key features and security permissions for Simpplr’s integration with Microsoft’s file sharing and collaboration solutions, SharePoint and OneDrive. We will also provide step-by-step connection instructions for End users, Site managers, and Application managers.
Table of Contents
- Integration path
- What's the difference between SharePoint and OneDrive?
- Integration features
- Need to know before setup
- Security overview
- Set up SharePoint Admin account
- Upgrading to multi-instance
- Update Salesforce remote site settings
- Connect SharePoint/OneDrive as an App manager
- Connect SharePoint/OneDrive as a Site owner
- Connect SharePoint/OneDrive as an End user
- Review the integration features below and decide specifications needed for your organization.
- Define the SharePoint/OneDrive structure your organization wants to use in connecting the integration.
- The SharePoint Admin/Global Admin connects the integration at the application level and the user level.
- Site owners connect their integration profile to their Simpplr profile.
- Site owners connect to the integration at the site level and select which SharePoint sites to share.
- Content teams add the correct files to their target SharePoint sites, and connect them to Simpplr content.
- End users connect their integration to their Simpplr profile.
- Now the files will be available for Site members to access.
What's the difference between SharePoint and OneDrive?
For many users these systems solutions are used in parallel and are often interconnected.
OneDrive is essentially an online folder system for personal file storage, but SharePoint includes many other features that are geared towards collaboration and team activities.
Office 365 now includes SharePoint features in its cloud platform, but you can also purchase SharePoint by itself as an on-premise solution.
- Connect your SharePoint/OneDrive site(s) to a Simpplr site to make the files within searchable by Site members.
- Attach files from your SharePoint/OneDrive directly to your content.
- Upload and download files to SharePoint/OneDrive from your intranet interface.
- Add folders to SharePoint/OneDrive from your intranet interface.
- Manage which documents are visible and available via your intranet while maintaining your robust file structure on SharePoint/OneDrive.
- Engage with files - Download, like, favorite, share, preview, and create new versions of files.
Need to know before setup
- The SharePoint Admin and Azure Global Admin must be the first to connect their SharePoint account before other users do. This user will need to possess an Office 365 license in addition to having SharePoint Admin access. If this user is the same person with both roles, then follow the instructions below. If the Global Admin and SharePoint Admin are two different people, the Global Admin will need to connect their account first. They'll choose "consent on behalf of the organization" option. They may see an error stating, "SharePoint is not enabled". However, this is when the SharePoint Admin can connect. Once the SharePoint Admin connects, the error will no longer persist. They must do this at their Simpplr profile level. More information below in Set up SharePoint as an Application manager.
- Simpplr authenticates to OneDrive/SharePoint at the user level and respects the permissions created in Microsoft. A user will never see content they do not have rights to.
- In SharePoint, make sure limited-access user permission lockdown mode is deactivated. Otherwise, you won’t be able to link SharePoint files to Simpplr. To locate this setting, from SharePoint, go to Site Settings > Site Collection Features.
- Any documents connected to a site via SharePoint/OneDrive will be searchable and accessible to all site members. If a site is public, all users of your intranet will have access to the SharePoint sites.
- When searching for SharePoint/OneDrive files in the Files tab of a site, do not use the Search site files… bar. You must manually click into the folder containing the file you need.
- 4MB is the maximum file size that can be uploaded to Simpplr.
- Currently Simpplr does not support the ability to delete SharePoint document libraries from within your Simpplr instance.
- To install the Simpplr app into SharePoint, the SharePoint Admin must connect their account before any other users do. See below for further instructions. The Admin's OAuth tokens are NOT stored in Simpplr, and are only needed to provide consent to the rest of the users' connections.
- Once complete, each user will need to connect their account at the User Profile level in the Profile & settings section. Users will only need to connect their account once.
- File permissions do not change once sites are integrated with Simpplr. For more information on file permission levels within SharePoint, click here.
- Updating the Admin user's SharePoint password will not affect the integration in any way. No connections will be disrupted if you change your SharePoint password.
For full security documentation on the SharePoint/Simpplr integration, click here.
Permissions Being Asked from SharePoint/Microsoft
SharePoint will ask users to consent to several delegated permissions on behalf of Simpplr when connecting their accounts for the integration. These all must be approved in order for the integration to work correctly.
|Permission Name||Permission required||Description||Impact if removed|
View your basic profile
|User.ReadBasic.All||Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, open extensions and photo. Also allows the app to read the full profile of the signed-in user.||Unable to sign in and use SharePoint services
Users info on files and profile
|Access directory as the signed-in user||Directory.AccessAsUser.All||Allows the app to have the same access to information in the directory as the signed-in user.||Unable to search for files or fetch files|
Have full access to all files you have access to
Read and write your files
|Files.ReadWrite.All||Allows the app to read, create, update, and delete all files the signed-in user can access.||Unable to search for files or fetch files|
|Create, edit, and delete items and lists in all your site collections||Sites.Manage.All||Allows the app to manage and create lists, documents, and list items in all site collections on behalf of the signed-in user.||Unable to access basic organization structure and file listings with create permission|
|Read and write items in all site collections||Sites.ReadWrite.All||Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user.||Unable to access basic organization structure and file listings|
|Sign-in and read user profile||User.Read||Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.||Unable to sign in and use SharePoint services|
|Edit or delete items in all site collections||Sites.ReadWrite.All||A subset of Sites.Manage.All, this is specifically required for Update & Delete operations on SP document libraries. Simpplr only makes use of the Update operation to support:
Allowing users with access to rename a linked SP document library or folders within the SP document library from Simpplr.
|Unable to access basic organization structure and file listings|
|Read and write items and lists in all site collections||AllSites.Manage||This is effectively the same as Sites.Manage.All, however it is required in order to hit legacy SharePoint-exclusive APIs. The Sites.Manage.All API only allows hitting Microsoft Graph APIs|
Set up SharePoint Admin account
Reminder, the Azure Global Admin and SharePoint Admin must be the first to establish a connection with SharePoint before anyone else can access the integration. If the Global Admin and SharePoint Admin are two different people, the Global Admin will need to connect their account first. They'll choose "content on behalf of the organization" option. They may see an error stating, "SharePoint is not enabled". However, this is when the SharePoint Admin can connect. Once the SharePoint Admin connects, the error will no longer persist.
To set up your SharePoint Admin profile (if not done so already):
Login to office.com
From the Admin center, go to Show all > Roles > Role assignments > SharePoint Administrator, then click the Assign roles tab. Click the Assigned tab and select Add users to assign the user(s) you wish to be Admin. Complete these same steps for the Global Administrator role if needed.
Note:This step must still be completed even if you are already using the active SharePoint Global Administrator profile.
Now you can connect SharePoint in Simpplr by following the steps below.
- Navigate to Profile & settings > Edit profile & settings > External apps.
- Enter your credentials for the SharePoint Admin account and sign in. Once signed in, you must set the permissions Access directory as the signed in user and Consent on behalf of your organization.
If the SharePoint Global Admin disconnects:
- The Simpplr for SharePoint/OneDrive for Business application is not deleted.
- The folders linked by SharePoint Global Admin user to sites will be removed.
- End user connections will not be removed.
- New users of the same domain name can still connect to the integration as long as the domain is added under Manage > Application > Integrations > File management.
Upgrading to multi-instance
Our SharePoint integration is now able to support multiple domains (up to 10). If you’ve already integrated with SharePoint prior to the release of multi-instance support, you’ll have to disconnect SharePoint from Simpplr when upgrading to multi-instance. To upgrade:
1. Go to Manage App > Integrations > File Management. Under SharePoint, you’ll see a message explaining the upgrade process. Click Disconnect & upgrade. A modal will open asking if you’re sure you want to disconnect. Click Disconnect to begin the upgrade.
Note: Once you click Disconnect, an email will be sent to you with an attached CSV of all linked SharePoint document libraries prior to the upgrade. Once the upgrade is finished, all document libraries will be disconnected from Simpplr and you can refer to the CSV file to manually re-link these document libraries.
2. You’ll see a new message under SharePoint telling you that your upgrade is in progress. The upgrade may take several hours to complete. While the upgrade is in progress, Simpplr users can’t use SharePoint. It’s recommended that you conduct this upgrade outside of normal business hours.
3. Once the upgrade is finished, you’ll receive an email and in-app notification confirming that SharePoint multi-instance is enabled. The following data will be preserved after the upgrade:
- SharePoint account connections for all users
- All site selections of SharePoint as external file storage
- All SharePoint files attached to:
- Feed posts
- Home and site dashboard tiles
Note:If a domain is removed from Simpplr after being added, the people token information is deleted. If the same domain name is added again, the people token information is restored.
The site folder information is not deleted and retained, once the user connects back, linked folders are visible again.
Update remote site settings in Salesforce (if not complete already)
NoteA Simpplr representative will normally set this up for you. But in the event remote site settings in Salesforce were not updated during implementation, your System admin can follow the instructions below to activate the SharePoint integration.
- Go to your Salesforce home page and navigate to Setup. Type Installed Packages into the Quick Find box and click Installed Packages.
- Locate Simpplr and click. Then choose View next to Post Install Instructions.
- Scroll down until you see Microsoft Integration. Select Click here for each listed URL for Microsoft Integrations. Your remote site settings for SharePoint have been updated. The App manager can now proceed to enabling the integration with Simpplr.
Connect SharePoint/OneDrive as an Application manager on Simpplr
As the Application manager, it is your responsibility to enable SharePoint and OneDrive on your company's intranet. Until the integration is set up at your permissions level, your Site owners and Content managers will not be able to access SharePoint or OneDrive. To allow Simpplr access to your SharePoint:
- From your Simpplr Home dashboard, navigate to your profile image and select Manage > Manage application.
- Go to Integrations > File management and check the boxes for SharePoint and OneDrive.
- Add the domain name(s) of your SharePoint instance. If using multi-instance, you'll add each domain name here.
- If you’re connecting to the multi-instance version of SharePoint: Determine access permissions for users interacting with SharePoint files they don’t have access to. Choose whether or not users without file access are shown an ‘Open in SharePoint’ prompt. Giving users this prompt may allow them to request file access directly in SharePoint.
- Click Save when you have all domains added and access permissions chosen.
Connect SharePoint/OneDrive as a Site owner on Simpplr
As a Site owner, it is up to you to enable SharePoint and OneDrive functionality at the site level. You also control the file upload permission settings for your site users. To do so, follow steps 1 and 2 from above to connect your Simpplr account to your Salesforce account, then:
- From your profile image, select Manage > Manage sites. Then locate the site on which you want to enable SharePoint/OneDrive.
Note:In SharePoint, make sure Limited-access user permission lockdown mode is turned off. Otherwise, you won’t be able to link SharePoint files to Simpplr.
- Locate the site you want to connect with SharePoint for file storage. From Manage site, in the Setup tab, scroll down until you see External files. From the dropdown menu, select SharePoint files. Then scroll down and click Save.
Link SharePoint document libraries to your site
Once SharePoint has been selected as file storage for a site, a folder named SharePoint Files will be automatically created in the Files tab. To add more folders to your site, follow the steps below:
Note:Only a Site owner can link folders to a site, as long as they’re connected to SharePoint and the site is connected to SharePoint. If you can’t see the below options, you may not be the Site owner, or the site is not yet connected to SharePoint.
- From your Simpplr site, select the Files tab.
- Click on the SharePoint files folder.
- Click Link SharePoint folder or document library.
- Select the SharePoint site and document library (if applicable) you wish to link to the Simpplr site. The sites you select will now be linked to the Simpplr site. If users do not link SharePoint files or folders to a site, they will not be able to view them or search for them in Simpplr.
Note:Simpplr limits the number of top-level sites you can link to 15 per SharePoint instance. This is due to Simpplr's Search performance capabilities. If you link more than 15 top-level SharePoint sites (per instance), you won’t be able to search for SharePoint files in Simpplr. This limit doesn’t apply to document libraries.
For example, if you link 15 top-level sites (HR, Product, IT, etc.) that each contain 10 document libraries, all libraries will be searchable. But you can’t link more than 15 top-level sites.
The total number of document libraries from SharePoint that can be connected to Simpplr is 300.
If users do not have access to a document library linked to a site, they will see the name of the document library under Files on the site.
However, when they click into the library, they will see this:
If a user goes to a piece of content that includes a SharePoint file they don't have access to, they'll receive the same "Unable to display" message.
Unlinking document libraries
Users with requisite permissions may unlink a document library from a site. If a user tries to unlink a document library they don’t have access to, they’ll be shown an error message.
If the Site owner disconnects their own profile from SharePoint and then connects again:
- SharePoint will need to be reconfigured at the site level
- All pre-existing linked SharePoint Libraries will no longer be available to site members
Transferring site ownership
If you wish to transfer ownership of a site that uses SharePoint for file storage, the new owner must be in the same SharePoint instance (and their app must already be connected to SharePoint), or SharePoint must first be disconnected from the site.
If the current Site owner leaves/is deactivated, and a new Site owner has not connected their account to the SharePoint document library in question, nothing will happen to the document library.
There are three scenarios that can play out when updating site ownership:
- The new Site owner does not have a SharePoint account linked to their profile. This will cause an error when attempting to transfer ownership of the document library.
- The new Site owner has the same SharePoint account linked in their profile as the previous owner. The ownership is transferred and the document libraries are not removed.
- The new Site owner has a different SharePoint account linked in their profile. Site ownership is transferred, and the linked document libraries are not removed.
Connect SharePoint/OneDrive as an End user on Simpplr
Note:The SharePoint admin has to connect at the user level before any other users in the organization. Until the admin has connected their account, other users won’t be able to connect to SharePoint.
As a Simpplr Standard User/Content Manager, once your App manager has set up the connection with Simpplr, you will be able to attach, share, and edit files you have access to in SharePoint and OneDrive, all from within your Simpplr intranet. First you must enable SharePoint and/or OneDrive on your profile. To do so:
- Navigate to your user profile image and click Profile & settings. Once your profile is open, click Profile & settings.
- Click External apps, then next to SharePoint and/or OneDrive, click Connect account. Your files are now connected to Simpplr!
- Now when you create content and want to attach files, you'll be given the option to include files from your SharePoint or OneDrive account.
SharePoint file access across instances
Only files that are in your SharePoint instance:
- Will be returned in search
- Can be attached to content and feed posts
- Will be visible and/or accessible, depending on where the file is located in Simpplr
- SharePoint files in the site files tab and file detail page are only visible to users who connect to the same instance.
- SharePoint files in the file manager, or attached to content and feed posts are visible to all users, regardless of which instance they’re in, but can only be opened by users who connect to the same instance.
Top-level SharePoint document libraries in the site files tab are visible to all users, regardless of which instance they’re in, but can only be opened by users who connect to the same instance.
Please sign in to leave a comment.