Create the certificate

1. Enter Certificate Password” should be replaced with a password.

Create Entra Application

1. Login to the Azure portal and select App Registrations.
   

      

1. ·       Select New registration from the App registrations page.
   

1. ·       Fill the following highlighted field values and click Register in the Register an application page.
   

1. ·       Go to the Application Overview page after completed the application registered.
   

2. 1. Write down the Tenant ID and Entra App ID from this page.
      
   1. Directory (tenant) ID as Tenant ID
      
   2. Application (Client) ID as Entra App ID
      

Generate Authentication

1. ·       Click the Authentication menu from the left-side menu.

1. Click Add a Platform.

      

·      

1. Click Web and then Configure Web.
   
2. Enter https://sync.netdocshare.com/assets/spauth/index.html in the Redirect URIs input.
   
3. Check the boxes for Access tokens (used for implicit flows) and
   
4. ID tokens (used for implicit and hybrid flows).
   
5. Click Configure to save the configuration
   

      

·       

1. Verify that the Redirect URI was properly added from the Authentication pane.
   

Add Certificate & Client Secret

Click the Certificates & Secrets menu from the left side.

Upload Certificates   

1. Click Certificates tab to navigate the CCertificates list
   
2. Click Upload certificate.
   
3. Add the certificate that was previously created (the .cer file) and enter a description.
4. Click Add button to complete the upload.
   

1. ·       After completing the certificate upload write down the Thumbprint as Certificate Thumbprint.
   

      

      

      

Create Client Secret

1. Click the Client Secrets tab   
2. Click New client secret
3. Enter the description and choose an expiry date for the client secret in the popup.
4. Click Add button.
   

      

        

1. Microsoft Graph
   
1. Site.FullControl.All (Delegated)
   
2. User.Read (Delegated)
   

1. SharePoint

1. AllSites.FullControl (Delegated)
   
2. Sites.FullControl.All (Application)
   
3. Sites.Manage.All (Application)
   
4. Sites.Selected (Application)
   

1. ·       Click Grant admin consent for {tenantName}
   

1. Channel.Create
   
2. ChannelMember.Read.All
   
3.  ChannelMember.ReadWrite.All
   
4. Contacts.Read
   
5. Contacts.ReadWrite
   
6. Directory.Read.All
   
7. Directory.ReadWrite.All
   
8.  Files.ReadWrite.All
   
9. Group.ReadWrite.All
   
10. Sites.FullControl.All
    
11.  Sites.Manage.All
    
12. Sites.ReadWrite.All
    
13.  Sites.Selected
    
14.  Team.Create
    
15.   TeamMember.ReadWrite.All
    
16. User.Read (Delegate)
    
17. User.ReadWrite.All
    

Note:

1. The netDocShare Sync web and desktop applications use Delegated permission
   
2. The netDocShare Sync Scheduler application use Application permission.
   

Adding the SharePoint Connection on netDocShare Sync

1. Add a new SharePoint connection
   
2. Fill in every required field with the values from previous steps
   

Adding the Teams Connection on netDocShare Sync

Steps

Get SharePoint Site IDs

1. Go to Microsoft Graph Explorer at https://developer.microsoft.com/en-us/graph/graph-explorer
2. Sign into your Microsoft account in Graph Explorer (Click the profile icon in the top-right)
   
3. Click on the Modify permissions tab in the center section
   
4. Click the Open the permissions panel link
   
5. Search for “Sites.Read.All”, and check it
   
6. Click the Consent button at the bottom and consent to this permission (this gives Graph Explorer all sites read access)
   
7. In Microsoft Graph Explorer, set the request type to GET and enter the following URL, then press Run query: https://graph.microsoft.com/v1.0/sites/{hostname}.sharepoint.com:/sites/{site_path}?$select=id
8. Copy the ID value from the response at the bottom, this is your Site ID
   

Set the permissions for the desired site

1. Open the Postman application
2. Create a new request and open the Authorization tab

1. Set the Type to OAuth2.0
2. Under Configure New Token > Configuration Options, set the following fields:
   1. Grant Type
       to “Client Credentials”
   2. Access Token URL to the endpoint https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
   3. Client ID
       to your Application (client) ID
   4. Client Secret
       to the value of a secret for your App
   5. Scope to offline_access https://graph.microsoft.com/.default
   6. Client the Get New Access Token button and click Proceed, then click Use Token in the top-right
   
   

Next, we will configure the request

1. Change the type in the top-left to POST, from GET
2. Enter the URL: https://graph.microsoft.com/v1.0/sites/{Site ID}/permissions as the endpoint. Make sure to change {Site ID} to the Site ID that we copied earlier
3. Click on the Body tab, select raw, then change the type from Text to JSON
4. Add the following JSON body, and make sure to fill in the {client_id} and {app_name} from the Entra Application that was created earlier

{

    "roles": [

        "fullcontrol"

    ],

    "grantedToIdentities": [

        {

            "application": {

                "id": "{client_id}",

                "displayName": "{app_name}"

            }

        }

    ]

}

Remove Sites.FullControl.All access

Check that it works

1. On Postman, create a new request
   
2. Keep it as GET and leave the body empty
   
3. Reuse the same Authorization setup from the previous section
   
4. In the endpoint, enter: https://graph.microsoft.com/v1.0/sites/{Site ID}, replacing {Site ID} with the Site ID we copied earlier
   
5. Press Send
   

If you get a 200 OK response, the access is now set up properly