
SharePoint Document Management with Least Privilege Permissions Setup Guide

How to set up the SharePoint integration

The SharePoint document management system integration enables linking files from SharePoint as policy documents or evidence in Trustero.

To enable SharePoint Document Management System Integration:

  1. Create an App registration. Follow the App Registration Setup Guide, setting up the permissions needed for SharePoint.
  2. Add a Platform Configuration to the App Registration to enable the Microsoft File Picker (optional, only applicable to File Picker functionality)
  3. Grant permissions to specific files and folders using PowerShell
  4. Set up the SharePoint Document Management System Integration within Trustero
  5. Link policy documents and evidence

1. Create App Registration & Select Permissions 

Follow the Trustero App Registration Setup Guide, setting up permissions needed for SharePoint. 

During the app registration process, when API permissions are granted, add the following permissions:

Permission Name | Type | Description | Usage
Sites.Read.All | Delegated | Read items in all site collections | Enables the File Picker to select files that the signed-in user has access to (optional, only applicable to File Picker functionality)
Sites.Selected | Application | Access selected site collections | Grants the application access to specific sites, as permitted by an administrator
Files.SelectedOperations.Selected | Application | Access selected files | Grants the application access to specific files/folders, as permitted by an administrator

The two Application permissions grant nothing on their own: the app cannot reach any site or file until an administrator explicitly grants it access (Step 3). This is what keeps the integration least-privilege. Do not substitute broad application permissions such as Sites.Read.All (Application), which would let the app read every site in the tenant without a signed-in user.

2. Add Platform Configuration for the Microsoft File Picker

The Microsoft File Picker can be used to browse and select files within SharePoint. This procedure allows the File Picker to be launched from a third-party origin (Trustero).

If you do not intend to use the File Picker to select files from SharePoint within Trustero, you may skip this section.

  1. In the App Registration that was created for SharePoint, go to the Authentication page
  2. Click the +Add a platform button and select Single-page application
  3. In the Configure single-page application panel on the right:
    1. Set "https://app.trustero.com" as the redirect URI
    2. Check Access tokens (used for implicit flows)
    3. Check ID tokens (used for implicit and hybrid flows)
    4. Click the Configure button
  4. Click the Save button

Checking the two token boxes enables the legacy implicit grant for this app registration. Microsoft recommends the authorization code flow with PKCE for single-page applications, so enable them only for this File Picker use and register only the exact redirect URI shown above; a broader or wildcard redirect URI would let tokens be returned to an origin you do not control.

3. Granting permissions to specific files and folders using PowerShell

By itself, the Files.SelectedOperations.Selected permission gives the application no access to any files or folders within the SharePoint site. An administrator must explicitly grant the application access to the selected files and folders; Trustero provides a PowerShell script for this.

To assign permissions using the PowerShell script, execute the following steps:

  1. Obtain the PowerShell script from the following repository
    • https://github.com/trustero/sharepoint
  2. Open a PowerShell terminal on your local machine
  3. Execute the PowerShell script with the following parameters
./sharepoint-permission.ps1 -SiteUrl <SiteUrl> -AppId <AppId> -folderPaths <FolderPaths>

Parameter | Description
SiteUrl | The SharePoint site URL (e.g., https://yourtenant.sharepoint.com/sites/yoursite)
AppId | The Application (client) ID from the Azure AD App registration (e.g., 70d96320-e711-4e0e-94cf-53e43b557b0a)
FolderPaths | Comma-separated list of folder paths to grant permission to, relative to the root folder of the site

Examples:

  • Single folder
./sharepoint-permission.ps1 -SiteUrl https://yourtenant.sharepoint.com/sites/yoursite -AppId 70d96320-e711-4e0e-94cf-53e43b557b0a -folderPaths '/Folder1/SubFolder1'
  • Multiple folders
./sharepoint-permission.ps1 -SiteUrl https://yourtenant.sharepoint.com/sites/yoursite -AppId 70d96320-e711-4e0e-94cf-53e43b557b0a -folderPaths '/Folder1/SubFolder1,/Folder1/SubFolder2'
  • Folder with spaces in its name
./sharepoint-permission.ps1 -SiteUrl https://yourtenant.sharepoint.com/sites/yoursite -AppId 70d96320-e711-4e0e-94cf-53e43b557b0a -folderPaths '/Folder1/Sub Folder1'
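
After the grants are in place, it is worth confirming that the app registration really is least-privilege. The following PowerShell 7+ script is an added example for this guide; it is not Trustero's sharepoint-permission.ps1 and does not modify any permissions. It assumes a client secret for app-only authentication (a certificate credential is preferable in production), a tenant ID, and the same -SiteUrl and -AppId values used above; the parameter names and sample folder paths are illustrative. It acquires an app-only token, reads the application roles the token carries (only Sites.Selected and Files.SelectedOperations.Selected should appear), then probes the site and each folder through Microsoft Graph and reports the HTTP status, so granted folders (200) can be told apart from everything else (403, or 404 where the service hides the item).

```powershell
<#
 Added example, not Trustero's sharepoint-permission.ps1: verify that the app
 registration is still least-privilege after the grants from Step 3.
 Assumptions (illustrative, replace with your own): client-secret auth, and the
 folder paths are the same server-relative paths passed to -folderPaths.
 Requires PowerShell 7+ for -SkipHttpErrorCheck.
#>
param(
    [Parameter(Mandatory)] [string] $TenantId,
    [Parameter(Mandatory)] [string] $AppId,
    [Parameter(Mandatory)] [string] $ClientSecret,
    [Parameter(Mandatory)] [string] $SiteUrl,                    # https://yourtenant.sharepoint.com/sites/yoursite
    [string[]] $GrantedFolders   = @('/Folder1/SubFolder1'),     # folders you granted in Step 3
    [string[]] $UngrantedFolders = @('/Folder2')                 # folders you did NOT grant
)

# 1. App-only token via client credentials. Only admin-consented application
#    permissions appear in the token's "roles" claim.
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body @{
        client_id     = $AppId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
$accessToken = $tokenResponse.access_token

# 2. Decode the JWT payload (base64url; no signature check needed, we only read our
#    own token) and report the roles. Expected: Sites.Selected and
#    Files.SelectedOperations.Selected only. Any role ending in ".All" means the app
#    can read far more than the folders you granted.
$payload = $accessToken.Split('.')[1].Replace('-', '+').Replace('_', '/')
switch ($payload.Length % 4) {
    2 { $payload += '==' }
    3 { $payload += '=' }
}
$claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
$roles  = @($claims.roles)
Write-Host "Application roles in token: $($roles -join ', ')"
$broad = $roles | Where-Object { $_ -like '*.All' }
if ($broad) { Write-Warning "Over-privileged application permissions: $($broad -join ', ')" }

# 3. Probe the site and each folder through Microsoft Graph using
#    hostname:/server-relative-path addressing, and report the HTTP status.
#    Expected for least privilege: 200 for granted folders, 403 (or 404) for the rest.
$headers  = @{ Authorization = "Bearer $accessToken" }
$u        = [Uri]$SiteUrl
$siteBase = "https://graph.microsoft.com/v1.0/sites/$($u.Host):$($u.AbsolutePath)"

$siteResp = Invoke-WebRequest -Uri $siteBase -Headers $headers -SkipHttpErrorCheck
'{0,4}  {1,-10} {2}  (200 = site-level grant present, 403 = item-level grants only)' -f `
    $siteResp.StatusCode, 'site', $SiteUrl

function Test-FolderAccess([string] $Folder, [string] $Expectation) {
    # Encode each segment separately so "Sub Folder1" becomes Sub%20Folder1 while the
    # slashes between segments stay intact.
    $encoded = ($Folder.Trim('/').Split('/') | ForEach-Object { [Uri]::EscapeDataString($_) }) -join '/'
    $uri = "${siteBase}:/drive/root:/${encoded}:/children"
    $r = Invoke-WebRequest -Uri $uri -Headers $headers -SkipHttpErrorCheck
    '{0,4}  {1,-10} {2}' -f $r.StatusCode, $Expectation, $Folder
}

$GrantedFolders   | ForEach-Object { Test-FolderAccess $_ 'granted' }
$UngrantedFolders | ForEach-Object { Test-FolderAccess $_ 'ungranted' }
```

Run it from the same terminal as the grant script, for example ./check-sharepoint-access.ps1 -TenantId <TenantId> -AppId <AppId> -ClientSecret <Secret> -SiteUrl https://yourtenant.sharepoint.com/sites/yoursite -GrantedFolders '/Folder1/SubFolder1' -UngrantedFolders '/Folder2'. A role ending in .All, or a 200 on a folder you did not grant, means the app holds more access than Step 3 intended; review the API permissions in Step 1 and the grants made by the script before activating the integration.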

4. SharePoint Document Management System Integration Setup in Trustero

Within Trustero, activate the SharePoint Document Management System Integration under Integrations > Document Management:

  1. Toggle the On / Off button for SharePoint
  2. Configure it using the credentials obtained from the App Registration, and click Activate
  3. Done! The SharePoint button is now enabled in the Add Policy Document and Add Evidence modals.

5. Link Policy Documents and Evidence

Enabling the integration allows you to link policy documents and evidence from SharePoint.

  1. Within Trustero, select the policy to which you would like to link the document.
  2. Click the Add Documentation button
  3. Select SharePoint as the source
  4. Choose the SharePoint file, either through the File Picker view (requires the Delegated Sites.Read.All permission and the platform configuration from Step 2) or by pasting a link in the Paste Link view
  5. After linking the file, the document appears under Documentation
  6. To view the linked file, click on it. You will be redirected to SharePoint to see the file's contents.
  7. To change which files are accessible to the integration, update the permissions using the script in Step 3.