Registering DryvIQ as a Custom App for SharePoint (Standard and GCC High)

Overview

DryvIQ recommends creating Microsoft connections using the OAuth 2.0 authentication flow within the DryvIQ Platform. This flow requires that a global administrator account grant consent the first time the connection authenticates; thereafter, any user can be used to create a connection between DryvIQ and SharePoint Online.

Some security protocols may restrict the global admin from granting the “Have full control of all your site collections” permission. In that case, you can add a custom app registration in your Azure Portal to create an identity configuration for the DryvIQ Platform within Microsoft Entra ID. This allows the DryvIQ Platform to interact with Azure services and APIs securely. The information below walks you through creating the app registration, including the specific permissions that need to be granted to DryvIQ. The information applies to both standard and GCC High SharePoint environments.

Creating a Custom App Registration

  1. Log in to your Azure Portal.
    Standard Azure URL: https://portal.azure.com
    GCCH Azure URL: https://portal.azure.us

  2. Select View under Manage Microsoft Entra ID.

  3. Expand the Manage section in the left menu.

  4. Select App Registrations (1), and then select New Registration (2).

  5. Complete the following information on the Register an application page:

    1. Name: Enter the user-facing display name for the application.

    2. Supported account types: Select the Accounts in this organization directory only option.

    3. Redirect URI: Select Web and enter the following: https://api.portalarchitects.com/v1/external/oauth2 

  6. Select Register at the bottom of the page.

  7. On the Overview tab, copy the Application (client) ID value and paste it somewhere you can reference when creating the connection in the DryvIQ Platform. This, along with the client secret (see below), will be used to set up the DryvIQ connection.

Generating the Client Secret

  1. Expand Manage in the left menu (1), select Certificates & secrets (2), and then select New client secret (3).

  2. On the Add a client secret panel, enter a description for the new client secret (1) and select an appropriate expiration date (2).

  3. Select Add to create the client secret.

  4. The new client secret will display under Value. Click the Copy icon next to this value to copy it to the clipboard. Paste this value into a text file or another document to ensure you have it for later. The client secret will be masked once you navigate away from this page, so be sure to copy it immediately after creating it. You will need this value to create the DryvIQ connection later in this document.

Configuring API Permissions for Microsoft Graph

  1. Under Manage in the left navigation panel, select API permissions (1), and then select Add a permission (2).

  2. Select Microsoft Graph on the Request API permissions panel.

  3. Select Delegated permissions.

  4. Add the following permissions for Microsoft Graph. (Use the available search bar to find permissions quickly.)
    Click this link to download a spreadsheet version of the required permissions.

    Graph Permissions.png

     

  5. Select Add permission at the bottom of the panel to save the selected permissions.

Configuring Permissions for SharePoint

  1. Select Add a permission again (1), and this time, select SharePoint in the Request API permissions panel (2).

  2. Select Delegated permissions.

  3. Add the following delegated permissions for SharePoint. (Use the available search bar to find permissions quickly.)
    Click this link to download a spreadsheet version of the required permissions.

    SharePoint Permissions.png

     

  4. Select Add permission at the bottom of the panel to save the selected permissions.

  5. Select Grant admin consent (1), and then select Yes when prompted to confirm that you consent to the requested permissions (2).

  6. The Status column should display a “Granted for” status for all the permissions.

  7. The custom app registration is complete. You can now create your connection in DryvIQ.
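
The following is an added example, not DryvIQ or Microsoft code: it reviews a finished registration against the settings chosen in the steps above (single-tenant audience, the exact redirect URI, delegated-only permissions, client secret expiry). It assumes the registration has been exported as a Microsoft Graph application object; the sample object and its permission ids are constructed placeholders.

```python
from datetime import datetime, timezone

# Redirect URI from step 5 of "Creating a Custom App Registration".
EXPECTED_REDIRECT = "https://api.portalarchitects.com/v1/external/oauth2"

def audit_registration(app, now, warn_days=30):
    """Return findings for a Microsoft Graph `application` object (a dict)."""
    findings = []
    # "Accounts in this organization directory only" is stored as AzureADMyOrg.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not single-tenant: " + str(app.get("signInAudience")))
    uris = app.get("web", {}).get("redirectUris", [])
    if EXPECTED_REDIRECT not in uris:
        findings.append("expected redirect URI missing")
    for uri in uris:
        if uri != EXPECTED_REDIRECT:
            findings.append("unexpected redirect URI: " + uri)
    # The guide adds delegated permissions only (type "Scope"); "Role" is app-only.
    for res in app.get("requiredResourceAccess", []):
        for access in res.get("resourceAccess", []):
            if access.get("type") != "Scope":
                findings.append("application permission on " + res["resourceAppId"])
    for cred in app.get("passwordCredentials", []):
        # Graph returns UTC timestamps; drop fractional seconds and the "Z".
        end = datetime.fromisoformat(cred["endDateTime"][:19]).replace(tzinfo=timezone.utc)
        days = (end - now).days
        if days < 0:
            findings.append("client secret expired: " + cred["displayName"])
        elif days <= warn_days:
            findings.append(f"client secret expires in {days} days: " + cred["displayName"])
    return findings

# Constructed sample (not a real tenant); permission ids are placeholders.
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [EXPECTED_REDIRECT, "https://example.invalid/cb"]},
    "requiredResourceAccess": [
        {"resourceAppId": "00000003-0000-0000-c000-000000000000",  # Microsoft Graph
         "resourceAccess": [{"id": "<placeholder-1>", "type": "Scope"},
                            {"id": "<placeholder-2>", "type": "Role"}]}],
    "passwordCredentials": [
        {"displayName": "dryviq-connection", "endDateTime": "2026-03-20T00:00:00Z"}],
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, datetime.now(timezone.utc)):
        print("FINDING:", finding)
```

An empty result means the registration matches what this guide configures; any finding is a setting that was changed or added outside these steps.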

Creating a Connection in DryvIQ

Create the connection using an API tool like Postman or the DryvIQ Command Line Interface. Make a POST call using the custom app’s client ID, client secret, and the SharePoint tenant URL. The client secret value is the value you copied in step 4 under “Generating the Client Secret.” The client ID value is available on the Overview page for the custom app registration.

POST for Standard SharePoint

Office 365

POST {{url}}v1/connections/platforms/office365-graph/new?domain={{sharepoint url}}&client_secret={{client secret value}}&client_id={{client id value}}

OneDrive for Business

POST {{url}}v1/connections/platforms/onedrive-business-graph/new?domain={{sharepoint url}}&client_secret={{client secret value}}&client_id={{client id value}}

 

POST for GCC High SharePoint

Office 365 GCC High

POST {{url}}v1/connections/platforms/office365-graph-gcch/new?domain={{sharepoint url}}&client_secret={{client secret value}}&client_id={{client id value}}

OneDrive for Business GCC High

POST {{url}}v1/connections/platforms/onedrive-business-graph-gcch/new?domain={{sharepoint url}}&client_secret={{client secret value}}&client_id={{client id value}}
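
The POST templates above carry the tenant URL and the client secret as query parameters, so each value must be percent-encoded and the full URL kept out of logs. The following added example (not DryvIQ's own code) builds the request URL for any of the four platforms and produces a redacted copy for logging; the HTTPS check and the environment variable names are assumptions of this example.

```python
import os
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Platform identifiers taken from the four POST paths on this page.
PLATFORMS = {"office365-graph", "onedrive-business-graph",
             "office365-graph-gcch", "onedrive-business-graph-gcch"}

def build_connection_url(base_url, platform, domain, client_id, client_secret):
    """Build the POST URL with every query value percent-encoded."""
    if platform not in PLATFORMS:
        raise ValueError("unknown platform: " + platform)
    # Assumption: the DryvIQ base URL is HTTPS; the secret rides in the URL.
    if urlsplit(base_url).scheme != "https":
        raise ValueError("base URL must be https")
    query = urlencode({"domain": domain, "client_secret": client_secret,
                       "client_id": client_id})
    return f"{base_url.rstrip('/')}/v1/connections/platforms/{platform}/new?{query}"

def redact(url):
    """Return the URL with client_secret masked, safe for logs and tickets."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "client_secret" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

if __name__ == "__main__":
    # Hypothetical environment variable names; values never appear in argv.
    url = build_connection_url(os.environ["DRYVIQ_URL"], "office365-graph",
                               os.environ["SP_TENANT_URL"],
                               os.environ["ENTRA_CLIENT_ID"],
                               os.environ["ENTRA_CLIENT_SECRET"])
    print("POST", redact(url))
```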

 

Creating a Connection

  1. Send a POST call for the corresponding connection as shown above.

  2. Copy the response target URL from the above request.

  3. In your browser, log in to the DryvIQ Platform application.

  4. Paste the response target URL into a new browser tab and press ENTER.

  5. A SharePoint Online prompt will appear to authorize the app.

  6. After authorization, a JSON payload will be returned confirming the connection.

  7. Return to the DryvIQ Platform and refresh the browser. Your new connection will be listed on the Connections page.

 

 

DryvIQ Platform Version: 5.9.16
Release Date: March 6, 2026