■
In this article we'll cover key features and security permissions for Simpplr’s integration with Microsoft’s file sharing and collaboration solutions, SharePoint and OneDrive. We will also provide step-by-step connection instructions for End users, Site managers, and Application managers.
Table of Contents
- Integration path
- What's the difference between SharePoint and OneDrive?
- Integration features
- Need to know before setup
- Security overview
- Upgrading to multi-instance
- Connect SharePoint/OneDrive as an App manager
- Connect SharePoint/OneDrive as an Azure Global Admin user
- Connect SharePoint/OneDrive as an End user on Simpplr
- Connect SharePoint/OneDrive as a Site owner
Integration Path
- Review the integration features below and decide specifications needed for your organization.
- Define the SharePoint/OneDrive structure your organization wants to use in connecting the integration.
- The SharePoint Admin/Global Admin or Simpplr App manager connects the integration at the application level in Simpplr.
- The SharePoint Admin/Global Admin connects their intranet profile at the user level OR the first End user connects their profile and requests app approval from the Azure Global Admin user. The Global Admin user provides consent for the Simpplr app to connect tot he org's SharePoint. Once approved, all other users can connect without having to request approval.
- Site owners connect their integration profile to their Simpplr profile.
- Site owners connect to the integration at the site level and select which SharePoint sites to share.
- Content teams add the correct files to their target SharePoint sites, and connect them to Simpplr content.
- End users connect their integration to their Simpplr profile.
- Now the files will be available for Site members to access.
What's the difference between SharePoint and OneDrive?
For many users these systems solutions are used in parallel and are often interconnected.
OneDrive is essentially an online folder system for personal file storage, but SharePoint includes many other features that are geared towards collaboration and team activities.
Office 365 now includes SharePoint features in its cloud platform, but you can also purchase SharePoint by itself as an on-premise solution.
Integration features
- Connect your SharePoint/OneDrive site(s) to a Simpplr site to make the files within searchable by Site members.
- Attach files from your SharePoint/OneDrive directly to your content.
- Upload and download files to SharePoint/OneDrive from your intranet interface.
- Add folders to SharePoint/OneDrive from your intranet interface.
- Manage which documents are visible and available via your intranet while maintaining your robust file structure on SharePoint/OneDrive.
- Engage with files - Download, like, favorite, share, preview, and create new versions of files.
Need to know before setup
- There are two methods to set up access for your org's users in the integration:
- The SharePoint Admin and Azure Global Admin can be the first to connect their SharePoint account before other users do. This user will need to possess an Office 365 license in addition to having SharePoint Admin access. If this user is the same person with both roles, then follow the Connect SharePoint/OneDrive as an Azure Global Admin user on Simpplr instructions below. Once this user finishes setup, Global Admin consent will have been granted on behalf of your org, so all other users can now connect. The Global Admin user can disconnect their account at any time, and other users will still be able to connect. If the Global Admin and SharePoint Admin are two different people, the Global Admin will need to connect their account first. They'll choose "consent on behalf of the organization" option. They may see an error stating, "SharePoint is not enabled". However, this is when the SharePoint Admin can connect. Once the SharePoint Admin connects, the error will no longer persist. They must do this at their Simpplr profile level. More information below in Set up SharePoint as an Application manager.
- Alternatively, any user in your org (best practice is to make this the Simpplr App manager) can follow the Connect SharePoint/OneDrive as an End user on Simpplr steps below. The first person to connect their Simpplr profile to SharePoint will see an option to Request approval from their org's Azure Global Admin user. The Admin user will need to provide consent for the connection one time. Once provided, all subsequent users can connect their profiles without needing to request approval. More on this below.
-
Simpplr authenticates to OneDrive/SharePoint at the user level and respects the permissions created in Microsoft. A user will never see content they do not have rights to.
- In SharePoint, make sure limited-access user permission lockdown mode is deactivated. Otherwise, you won’t be able to link SharePoint files to Simpplr. To locate this setting, from SharePoint, go to Site Settings > Site Collection Features.
- Any documents connected to a site via SharePoint will be searchable and accessible to all site members who have access to those docs in SharePoint. If a site is public, all users of your intranet will have access to the SharePoint sites as long as they have access to the site in SharePoint.
- When searching for SharePoint/OneDrive files in the Files tab of a site, do not use the Search site files… bar. You must manually click into the folder containing the file you need.
- 60MB is the maximum file size that can be uploaded to Simpplr.
- Currently Simpplr does not support the ability to delete SharePoint document libraries from within your Simpplr instance.
Security overview
- If the Global SharePoint Admin is the first user to connect the integration, that user's OAuth tokens are NOT stored in Simpplr, and are only needed to provide consent to the rest of the users' connections. If that user is NOT the first person to connect, they will need to manually provide consent for the Simpplr app to connect to SharePoint through Azure once the first user requests approval via Simpplr. Steps on this are found below in Connect SharePoint/OneDrive as an Azure Global Admin user.
- Each user will need to connect their account at the User Profile level in the Profile & settings section. Users will only need to connect their account once.
- File permissions do not change once sites are integrated with Simpplr. For more information on file permission levels within SharePoint, click here.
- Updating the Admin user's SharePoint password will not affect the integration in any way. No connections will be disrupted if you change your SharePoint password.
For full security documentation on the SharePoint/Simpplr integration, click here.
Permissions Being Asked from SharePoint/Microsoft
SharePoint will ask users to consent to several delegated permissions on behalf of Simpplr when connecting their accounts for the integration. These all must be approved in order for the integration to work correctly.
Permission Name | Permission required | Description | Impact if removed |
Read and write items and lists in all site collections | AllSites.Manage | This is effectively the same as Sites.Manage.All, however it is required in order to hit legacy SharePoint-exclusive APIs. The Sites.Manage.All API only allows hitting Microsoft Graph APIs |
Note: The Review Permissions flow is not supported for adding domains. Only General Admin accounts can connect.
Upgrading to multi-instance
Our SharePoint integration is now able to support multiple domains (up to 20). If you’ve already integrated with SharePoint prior to the release of multi-instance support, you’ll have to disconnect SharePoint from Simpplr when upgrading to multi-instance. To upgrade:
1. Go to Manage App > Integrations > File Management. Under SharePoint, you’ll see a message explaining the upgrade process. Click Disconnect & upgrade. A modal will open asking if you’re sure you want to disconnect. Click Disconnect to begin the upgrade.
Note: Once you click Disconnect, an email will be sent to you with an attached CSV of all linked SharePoint document libraries prior to the upgrade. Once the upgrade is finished, all document libraries will be disconnected from Simpplr and you can refer to the CSV file to manually re-link these document libraries.
2. You’ll see a new message under SharePoint telling you that your upgrade is in progress. The upgrade may take several hours to complete. While the upgrade is in progress, Simpplr users can’t use SharePoint. It’s recommended that you conduct this upgrade outside of normal business hours.
3. Once the upgrade is finished, you’ll receive an email and in-app notification confirming that SharePoint multi-instance is enabled. The following data will be preserved after the upgrade:
-
- SharePoint account connections for all users
- All site selections of SharePoint as external file storage
-
All SharePoint files attached to:
- Content
- Feed posts
- Home and site dashboard tiles
Note:
If a domain is removed from Simpplr after being added, the people token information is deleted. If the same domain name is added again, the people token information is restored.The site folder information is not deleted and retained, once the user connects back, linked folders are visible again.
Connect SharePoint/OneDrive as an Application manager on Simpplr
As the Application manager, it is your responsibility to enable SharePoint and OneDrive on your company's intranet. Until the integration is set up at your permissions level, your org's users will not be able to access SharePoint or OneDrive. To allow Simpplr access to your SharePoint:
- From your Simpplr Home dashboard, navigate to your profile image and select Manage > Application.
- Go to Integrations > File management and check the boxes for SharePoint and OneDrive.
- Add the domain name(s) of your SharePoint instance. If using multi-instance, you'll add each domain name here.
- If you’re connecting to the multi-instance version of SharePoint: Determine access permissions for users interacting with SharePoint files they don’t have access to. Choose whether or not users without file access are shown an ‘Open in SharePoint’ prompt. Giving users this prompt may allow them to request file access directly in SharePoint.
- Click Save when you have all domains added and access permissions chosen.
Connect SharePoint/OneDrive as the Azure Global Admin user on Simpplr
Note:
With this method of integration connection, the SharePoint Global Admin is the first user to connect at the user level before any other users in the organization. The other method is for any user to connect their profile first and request approval from the Global Admin user to complete the integration connection. More on that below.Once your App manager has enabled the integration within Simpplr, you will be able to connect your user profile. To do so:
- Navigate to your user profile image and click Profile & settings. Once your profile is open, click Edit profile & settings.
- Click External apps, then next to SharePoint and/or OneDrive, click Connect account. You'll be redirected to Microsoft, where you'll sign in with your admin credentials. Once you've approved the requested parameters from Simpplr, your files are now connected to Simpplr!
- Now when you create content and want to attach files, you'll be given the option to include files from your SharePoint or OneDrive account.
Connect SharePoint/OneDrive as an End user on Simpplr
The steps below are an alternative method for establishing the user connection to your org's SharePoint instance. If you do not want to have the Global Admin user be the first to connect their profile (steps are shown above), any End user can follow these steps to be the first to connect. While we recommend this person being an App manager (who's already following the connection steps), it doesn't have to be. However, this person will need to request approval from the Global Admin user before the integration can be successful. Then the Global Admin user will need to go into Azure to approve the app connection. Once that's done, each subsequent user can connect their profile without requesting approval.
- Navigate to your user profile image and click Profile & settings. Once your profile is open, click Edit profile & settings.
- Click External apps, then next to SharePoint and/or OneDrive, click Connect account. You'll be redirected to Microsoft, where you'll log in with your credentials.
- You will need to enter a justification message for your Global Admin user, then click Request approval. The justification message can be, "Request for standard user account approval."
- Click Back to app to be redirected back to Simpplr. Note, you'll see an error message on your screen, but this can be ignored. Your request has been sent to the Admin for approval. Now the Admin user will need to follow the steps below to approve the request.
- Once that's completed, your profile is connected, and every other user can follow steps 1 and 2 above to connect their profiles.
Approve End user requests for connection as the Global Admin user
To approve the initial user's connection, thereby approving the Simpplr app to integrate with your org's SharePoint instance, follow the steps below.
- Log in to the Azure portal.
- Search for "Enterprise applications" in the search box and select the result.
- Click Admin consent requests on the right-hand panel.
- Find and select Simpplr for SharePoint/OneDive for Business in the My Pending requests list.
- Click Review permissions and consent and approve the request once redirected to accept the permissions. For more info on security permissions requested by Simpplr, click here.
- Once you click Accept, you'll receive a success message that the request has been approved. The user's Simpplr profile will not connect to SharePoint/OneDrive. This will be the only time you need to approve permissions as you're approving a connection for the entire Simpplr app, not just one user.
- Back in your Enterprise Applications menu, you'll now see Simpplr for SharePoint/OneDrive for Business in the list.
Connect SharePoint/OneDrive as a Site owner on Simpplr
As a Site owner, it is up to you to enable SharePoint and OneDrive functionality at the site level. You also control the file upload permission settings for your site users. To do so, follow steps 1 and 2 from above to connect your Simpplr account to your Salesforce account, then:
- From your profile image, select Manage > Manage sites. Then locate the site on which you want to enable SharePoint/OneDrive.
Note:
In SharePoint, make sure Limited-access user permission lockdown mode is turned off. Otherwise, you won’t be able to link SharePoint files to Simpplr. - Locate the site you want to connect with SharePoint for file storage. From Manage site, in the Setup tab, scroll down until you see External files. From the dropdown menu, select SharePoint files. Then scroll down and click Save.
Link SharePoint document libraries to your site
Once SharePoint has been selected as file storage for a site, a folder named SharePoint Files will be automatically created in the Files tab. To add more folders to your site, follow the steps below:
Note:
Only a Site owner can link folders to a site, as long as they’re connected to SharePoint and the site is connected to SharePoint. If you can’t see the below options, you may not be the Site owner, or the site is not yet connected to SharePoint.- From your Simpplr site, select the Files tab.
- Click on the SharePoint files folder.
- Click Link SharePoint folder or document library.
- Select the SharePoint site and document library (if applicable) you wish to link to the Simpplr site. The sites you select will now be linked to the Simpplr site. If users do not link SharePoint files or folders to a site, they will not be able to view them or search for them in Simpplr.
Note:
Simpplr limits the number of top-level sites you can link to 15 per SharePoint instance. This is due to Simpplr's Search performance capabilities. If you link more than 15 top-level SharePoint sites (per instance), you won’t be able to search for SharePoint files in Simpplr. This limit doesn’t apply to document libraries.For example, if you link 15 top-level sites (HR, Product, IT, etc.) that each contain 10 document libraries, all libraries will be searchable. But you can’t link more than 15 top-level sites. If the same document library is linked in more than one Simpplr intranet site, it will count as two connected document libraries.
The total number of document libraries from SharePoint that can be connected to Simpplr is 300.
If users do not have access to a document library linked to a site, they will see the name of the document library under Files on the site.
However, when they click into the library, they will see this:
If a user goes to a piece of content that includes a SharePoint file they don't have access to, they'll receive the same "Unable to display" message.
Unlinking document libraries
Users with requisite permissions may unlink a document library from a site. If a user tries to unlink a document library they don’t have access to, they’ll be shown an error message.
If the Site owner disconnects their own profile from SharePoint and then connects again:
-
- SharePoint will need to be reconfigured at the site level
- All pre-existing linked SharePoint Libraries will no longer be available to site members
Transferring site ownership
If you wish to transfer ownership of a site that uses SharePoint for file storage, the new owner must be in the same SharePoint instance (and their app must already be connected to SharePoint), or SharePoint must first be disconnected from the site.
If the current Site owner leaves/is deactivated, and a new Site owner has not connected their account to the SharePoint document library in question, nothing will happen to the document library.
There are three scenarios that can play out when updating site ownership:
- The new Site owner does not have a SharePoint account linked to their profile. This will cause an error when attempting to transfer ownership of the document library.
- The new Site owner has the same SharePoint account linked in their profile as the previous owner. The ownership is transferred and the document libraries are not removed.
- The new Site owner has a different SharePoint account linked in their profile. Site ownership is transferred, and the linked document libraries are not removed.
SharePoint file access across instances
Only files that are in your SharePoint instance:
- Will be returned in search
- Can be attached to content and feed posts
- Will be visible and/or accessible, depending on where the file is located in Simpplr
- SharePoint files in the site files tab and file detail page are only visible to users who connect to the same instance.
- SharePoint files in the file manager, or attached to content and feed posts are visible to all users, regardless of which instance they’re in, but can only be opened by users who connect to the same instance.
Top-level SharePoint document libraries in the site files tab are visible to all users, regardless of which instance they’re in, but can only be opened by users who connect to the same instance.
Comments
Is it correct that OneDrive/Sharepoint would be enabled for the whole instance, but then I could choose to only integrate // turn it on for one site in my environment?
Hi Aileen. Yes, that's correct. In short, the integrations work like this:
Please sign in to leave a comment.