ConfigurationConnectionsConnect to SharePoint

Connect to SharePoint

The PSIcapture Configuration: Connections tab is designed to set up global connections to SharePoint accounts that can then be used across multiple areas of the product, including Auto Import and Migrations. Follow the steps below to set up a connection profile for a SharePoint account. Access this tab directly from the left-hand tab menu of the main Configuration window.

Before beginning this process, ensure that your SharePoint installation is configured with the minimum access requirements. For more information, see Microsoft SharePoint Direct.

Start the process by going to Configuration: Connections and choosing the authentication type unique to your business infrastructure. In the Connection Type list, select SharePoint. Then, follow these steps to create a SharePoint connection profile based on your Authentication Type:

Authentication type: Basic Authentication

  1. Select the Basic Authentication radio button at the top of the Connection Values section of the Connection Definition window.
    Several fields to configure Basic Authentication for SharePoint appear.
  2. Enter a Display Name to identify the connection.
  3. Select the appropriate Site Version of SharePoint that corresponds with your organization's infrastructure.

    Support for SharePoint versions older than 2013 is deprecated and no longer supported.

  4. Enter the complete SharePoint site address and be sure to identify if HTTP or HTTPS is in use.

    For example: http://sharepoint.company.com or similar.

  5. Enter the User name of the site collection administrator (preferred) or any other appropriately configured administrator account.
  6. Enter the Domain of the SharePoint site.
    Because the domain is fixed, this setting is disabled for SharePoint Online (see the bullet SharePoint online authentication: Use ADFS indentity provider in the Advanced Connection Settings dialog box described in the next step).
  7. Click the Advanced button to configure advanced authentication types.

    The Advanced Connection Settings dialog box appears.

    • Enable advanced authentication: Enables a claims-based authentication type for one of the following protocols:
      In some cases, advanced authentication may be necessary to overcome several limitations of basic authentication, including file upload size limits and the use of special characters in certain index fields.
      • NTLM (Mixed Mode): This basic Windows authentication type takes advantage of your existing Windows authentication provider Microsoft Entra ID (formerly Azure Active Directory Domain Services) (ADDS) and the authentication protocols that a Windows domain environment uses to validate the credentials of connecting clients.
      • Forms: Forms-based authentication is a claims-based identity management system that is based on ASP.NET membership and role provider authentication. Forms-based authentication can be used against credentials that are stored in an authentication provider, such as:
        • Microsoft Entra ID (formerly Azure Active Directory Domain Services ADDS)
        • SQL Server database (or similar database type)
        • A Lightweight Directory Access Protocol (LDAP) data store
      • ADFS: Microsoft Entra ID (formerly Azure Active Directory Federation Services ADFS) is a SAML token-based authentication in SharePoint Server, and uses the SAML 1.1 protocol and the WS-Federation Passive Requestor Profile (WS-F PRP). It requires coordination with administrators of a claims-based environment, whether it is your own internal environment or a partner environment. If you use Microsoft Entra ID (formerly Azure Active Directory Federation Services ADFS) 2.0 or later, you have a SAML token-based authentication environment.
        • When using Microsoft Entra ID (formerly Azure Active Directory Federation Services ADFS), the ADFS identify provider configuration fields are enabled. Fill out the following to enable this claims-based authentication process as a part of your connection profile:
          • Identify provider URL: Enter the complete URL provisioned as an identity provider within the domain. For example: http://sharepoint.company.com.
          • Trust version: Choose from one of the following trust versions as configured by your domain administrator:
            • WsTrust Version 2005
            • WsTrust Version 13
            • Federated Trust
    • SharePoint online authentication: Use ADFS indentity provider: Enable this feature to use the SharePoint Online Microsoft Entra ID (formerly Azure Active Directory Federation Services ADFS) domain instead of a locally managed domain.
  8. Select Test Connection to ensure the connection configuration is successful and that PSIcapture can communicate with SharePoint using these credentials.

    After a few seconds, a confirmation message will appear if the connection is successful.

    The maximum wait time is 90 seconds before the connection attempt times out. In the event that the error message referencing the file “msoidcliL.dll” is displayed, download and install “SharePoint Server 2013 Client Components SDK” from the Microsoft Download Portal.
  9. Once confirmed, select Save to complete your connection profile.

OAuth Authentication (Microsoft 365)

  1. Select the OAuth Authentication (Microsoft 365) radio button at the top of the Connection Values section of the Connection Definition window.
    Several fields to configure OAuth Authentication for SharePoint appear.
  2. Enter a Display Name to identify the connection.
    The Site Version field is disabled for OAuth authentication.
  3. Enter the complete SharePoint site address and be sure to identify if HTTP or HTTPS is in use.

    For example: http://sharepoint.company.com or similar.

  4. Enter the OAuth Client ID.

    The OAuth Client ID is set up when registering an application through the Microsoft Azure web portal and SharePoint. Follow the steps as described on the Microsoft Knowledge Base by searching for the article "Get Microsoft Entra ID (formerly Azure Active Directory) tokens for users by using MSAL." Once PSIcapture is registered in Azure, copy the generated Client ID to this field.

    Accounts using OAuth authentication for SharePoint must have the SharePoint.AllSites.FullControl permission added to the registered app in Azure.
  5. Select Scope to modify the scope settings for the OAuth connection. Input entries one per line. The scope contains information corresponding to the entered Site URL.

    Use the Reset button to clear the list.

    For example: https://<tenant>.sharepoint.com/.default where the <tenant> is replaced by the appropriate subdomain unique to your organization.

  6. Enter the OAuth Tenant ID.

    The OAuth Tenant ID is set up when configuring a connection token for third-party applications through the SharePoint web portal.

  7. Click the Authorize button.

    Your default web browser appears with a connection confirmation.

  8. In the web browser, click the Allow Access button to approve the connection.

    After a few seconds, you can view the access information, and PSIcapture displays a message box reporting a successful connection.

    PSIcapture may be hidden by the browser window. Do not close the web browser until the message box is displayed. The maximum wait time is 90 seconds before the attempt times out.

  9. Close the web browser window.

    If you receive an "invalid grant" error for a connection, Edit the connection and click the Authorize button to re-authorize the connection.

  10. Once confirmed, select Save to complete your SharePoint Connection profile.

    To link this connection profile to a SharePoint Direct migration workflow step, see Microsoft SharePoint Direct Migration.