Configure a SharePoint connector with Modern Authentication

This topic describes the second part of the fourth configuration task in the process of setting up eCopy ShareScan connectors and email watchers to use modern authentication.

Perform this task in the eCopy ShareScan Administration Console after you have successfully

  • registered a Microsoft 365 application for Token Vault through the Microsoft Identity Platform (Azure Active Directory) admin center
  • registered a Microsoft 365 authorization provider with SharePoint and SharePoint.MySite scope sets in Token Vault
  • authorized Token Vault in Microsoft 365 through a Token Vault Microsoft 365 authorization provider
  • configured Token Vault settings in the ShareScan Administration Console under Advanced > Tools.

To configure a SharePoint eCopy connector with SharePoint Online and modern authentication, perform the following steps:

  1. Select a destination of a SharePoint connector profile and open the Edit destination dialog.
  2. Enter a Hyperlink pointing to a SharePoint Online location (for example, https://test.sharepoint.com/sites/TestSite).
  3. Select Enable Modern Authentication.
  4. Select the Authentication method and specify the user credentials to be used for testing your configuration and/or in client-side workflows, depending on your selected Login Mode.

    If you select Password as Authentication method, specify the Username in the DOMAIN\username format and the Password.

    If you select One-time passcode as Authentication method, specify the Username in the User Principal Name (UPN) format and a valid One-time passcode that was generated by Token Vault or by an authenticator app set up on the Token Vault UI.

    The one-time passcode authentication method also makes it possible to access SharePoint 365 with Azure Active Directory users.

    Verify that this user has previously authorized the Token Vault in Microsoft 365 through a Token Vault Microsoft 365 authorization provider. This Token Vault Microsoft 365 authorization provider must be configured in Token Vault with the same tenant as the one that belongs to the SharePoint Online location that you specified in Hyperlink (see above).
  5. Click Test. (If the above authorization was not completed before the test, the test fails.)
  6. At this point you are ready to invite your end-users to carry out their own authorization step on the Token Vault Available authorization providers page. Once this end-user authorization step is complete, the use of modern authentication in the supported connectors is operational.

When you configure a destination with

  • Enable modern authentication turned ON,
  • 'Password' Authentication method,
  • Search while typing option turned ON, and
  • 'Runtime' Logon mode,

but your Active Directory Domain Services (AD DS) user accounts are not synchronized to the Azure Active Directory (Azure AD) of your Microsoft 365 subscription, then searching for users at runtime in the SharePoint connector Authentication form displays internal Microsoft 365 users. Because these users are not domain users in the on-premises Active Directory, they cannot authorize the Token Vault in Microsoft 365 through a Token Vault Microsoft 365 authorization provider. Therefore, runtime authentication fails for these users.