SharePoint Data Sources

With Microsoft's move to Modern Authentication, which uses the Microsoft identity platform, logging into cloud-based versions of SharePoint with only a user name and password is no longer possible. Legacy installations that use older versions of SharePoint may still do so, but SharePoint has largely implemented an OAuth-based authentication scheme, with additional security provided by the use of encryption certificates.

In Process Director v5.44.1000, Modern Authentication for SharePoint was implemented using the SharePoint OAuth Datasource, which only gives access to SharePoint at the Tenant (organizational) level.

For Process Director v5.44.1103, the SharePoint OAuth Datasource was renamed to SharePoint OAuth (Tenant), while a new Datasource, SharePoint OAuth (Site), was added to give access to SharePoint at the Site level, rather than to the entire tenant.

The existing SharePoint Datasource, which uses the simple username/password authentication scheme, is still available for customers who are using older versions of SharePoint. This legacy authentication method should be relevant to only a very small minority of customers, and has been renamed to SharePoint (Legacy).

Important: This update to the SharePoint Datasources will require updating the SharePoint Custom Tasks!

Configuring a SharePoint OAuth (Tenant) Datasource

Modern Authentication provides much more secure access to SharePoint, but does require a more complex setup process. To set up Modern Authentication between SharePoint and Process Director, you must complete the following steps.

  1. Create a certificate to authenticate Process Director with SharePoint Online.
    1. Using Microsoft’s certreq.exe, installed on all modern Windows OS versions.
    2. Using PowerShell, also included with all modern Windows OS versions.
  2. Add Process Director as an application in the Azure Active Directory portal.
    1. Add public key certificate to Process Director application in Azure.
    2. Configure SharePoint Online permissions.
  3. Create a new SharePoint OAuth Datasource.

In this topic, we'll address each of these required steps in detail. Additional information about this topic can also be obtained from Microsoft's online documentation.

Create a certificate to authenticate Process Director with SharePoint Online

Microsoft prefers the use of certificates for authentication. Each certificate includes both the public and private keys used to encrypt data. The public key (in a CER file) is used by SharePoint Online to authenticate Process Director. The private key is packaged in a password-protected PFX file and is used by Process Director to authenticate with SharePoint Online. There are two methods that can be used on Windows-based systems to create a proper certificate.

  • Using Microsoft’s certreq.exe, installed on all modern Windows OS versions.
  • Using PowerShell, also included with all modern Windows OS versions.

Important: Keep in mind that certificates expire after a set period of time. Most organizations specify the maximum length of time certificates should be used. By default, the instructions that follow will generate certificates valid for one year. You should, therefore, generate and install new certificates well before existing certificates expire. This implies that your organization also has a mechanism in place to be reminded when expiration is approaching, to ensure that service interruptions don't occur.
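One way to build the expiration reminder described above is a scheduled script that inspects the exported public-key files. This is an added example, not part of the Process Director documentation; the folder path and the 30-day warning window are assumptions.

```powershell
# Added example: list certificates that expire within a warning window.
# Intended for a scheduled task; exit code 1 signals that renewal is due.
param(
    [string]$CertFolder = 'C:\Certs\ProcessDirector',  # hypothetical folder of exported .cer files
    [int]$WarnDays = 30                                # assumed lead time for renewal
)

$now = Get-Date

$expiring = Get-ChildItem -Path $CertFolder -Filter '*.cer' | ForEach-Object {
    # Load only the public certificate; no private key or password is needed.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName)
    [pscustomobject]@{
        File       = $_.Name
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    }
} | Where-Object { $_.DaysLeft -le $WarnDays }   # also catches already-expired files (negative DaysLeft)

if ($expiring) {
    $expiring | Sort-Object DaysLeft | Format-Table -AutoSize
    exit 1
}
exit 0
```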

Creating a Certificate with certreq.exe

This method of certificate creation might be preferred if you’re less comfortable with command-line operations and don’t intend to automate the generation of certificates. Microsoft's online documentation has additional information about certreq.exe.

Creating a Certificate with PowerShell

PowerShell is a command line application that's included with all modern versions of Windows. You can choose this method if you’re comfortable with PowerShell and might want to automate certificate generation on a recurring basis.
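A sketch of the PowerShell route, producing the CER and password-protected PFX files described earlier with the one-year validity the page mentions. This is an added example rather than the vendor's own procedure; the subject name, output folder, file names and key parameters are assumptions.

```powershell
# Added example (not vendor code). All names and paths below are assumptions.
$subject   = 'CN=ProcessDirector-SharePoint'   # hypothetical subject name
$outFolder = 'C:\Certs\ProcessDirector'        # hypothetical output folder
$baseName  = Join-Path $outFolder 'pd-sharepoint'

New-Item -ItemType Directory -Path $outFolder -Force | Out-Null

# Prompt for the PFX password so it never appears in the script or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Create an RSA 2048 / SHA-256 key pair and self-signed certificate, valid one year.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeySpec Signature `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(1)

# Public key only: this is the file added to the application in Azure.
Export-Certificate -Cert $cert -FilePath "$baseName.cer" | Out-Null

# Certificate plus private key, password-protected: this is the file Process Director uses.
Export-PfxCertificate -Cert $cert -FilePath "$baseName.pfx" -Password $pfxPassword | Out-Null

# Remove the certificate and its private key from the user store,
# so the PFX is the only copy of the private key left on this machine.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

# Record what was issued; the thumbprint can be compared with the one Azure displays.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    PublicKey  = "$baseName.cer"
    PrivateKey = "$baseName.pfx"
}
```

Store the PFX where only the Process Director service account and administrators can read it, since anyone holding the file and its password can authenticate as the application.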

Add Process Director to Azure

To add Process Director as an application in your Azure Active Directory portal at the Tenant level, complete the steps below after signing into your Azure portal (portal.azure.com):

Create the SharePoint OAuth (Tenant) Datasource

Now that the application has been fully registered in Azure, you can create the SharePoint OAuth Datasource in Process Director. Be sure to keep the Azure window open, however, as you'll need to transfer some information from Azure to configure the SharePoint OAuth Datasource. Ensure you've opened the Azure Active Directory admin center window to the Overview tab of the App registrations page of your Process Director integration app. In this example, we'll use the "Test SharePoint OAuth" application we used in the steps above.

SharePoint OAuth (Tenant) Datasource Properties

In addition to the standard Description property, setting the Datasource Type property to SharePoint OAuth enables configuration of the connection properties listed below.

Configuring the SharePoint OAuth (Site) Datasource

Configuring the SharePoint OAuth (Site) Datasource is far less complex than configuring the tenant-level Datasource, and requires no certificate to be created or uploaded to Azure. To add Process Director as an application in your Azure Active Directory portal at the Site level, complete the steps below after signing into your Azure portal (portal.azure.com):

Conclusion

Congratulations! Assuming that you've correctly followed the instructions above, you've now configured both SharePoint Online and Process Director. You can now use this Datasource and the SharePoint Custom Tasks in Process Director to integrate your SharePoint sites and data with Process Director.