Media endpoints let you save pictures and recording files from visual support sessions. SightCall supports email, HTTPS, Amazon S3 buckets, SFTP, Microsoft Azure, Google Drive, and Sharepoint media endpoints.
This article explains how to set up Sharepoint as a media endpoint.
Requirements
To configure Sharepoint as a media endpoint, you will need:
- A Sharepoint Site with Team Site template (not Document Center template)
- Access to the admin portal (admin.sightcall.com)
- Access to Microsoft Azure as an admin
- Access to the Windows Command Prompt on your computer
- Access to the Windows Terminal on your computer
- Access to the Sharepoint Site you want to use for the media endpoint.
There are four steps to follow to configure Sharepoint as a media endpoint. The first three steps involve creating two applications in Microsoft Azure. The first created application will have full access to Sharepoint. This “Master” application will stay on the client side but is needed to be able to configure the second application with specific permissions that will allow SightCall to access Sharepoint as a media endpoint. *Note: Microsoft Azure calls these applications, but you can think of these more like connections that we are establishing.
Configuration Step 1
- Navigate to portal.azure.com.
- Click on App registrations from the navigation menu.
- Click New Registration.
- Enter a Name for the application.
- Under “Who can use this application or access this API?”, be sure that Accounts in this organizational directory only is selected.
- Click Register at the bottom of the page.
- Click on Certificates & Secrets from the navigation menu.
- Click New client secret.
- Enter a Description for the client secret.
- Select an option such as 12 months from the Expires drop-down menu.
- Click Add at the bottom of the screen.
- On the next screen, be sure to copy the Value of the Secret ID to a safe place, such as a text editor application. *Note: This is the only time you will be able to view the information in the Value field, so be sure to record it in a safe place and do not lose it.
- Click on API permissions from the navigation menu.
- Click Add a Permission.
- In the panel that appears, click Microsoft Graph.
- Click Application permissions.
- Select Sites, and then check the box next to FullControl.All.
- Click Add permissions at the bottom of the screen.
- Click on Grant admin consent for {Name of Organization}. In the window that appears, click Yes.
Configuration Step 2
- Click on App registrations from the navigation menu.
- Click New Registration.
- Enter a Name for the application.
- Under “Who can use this application or access this API?”, be sure that “Accounts in this organizational directory only” is selected.
- Click Register at the bottom of the page.
- Click on API permissions from the navigation menu.
- Click Add a Permission.
- Click on SharePoint.
- In the panel that appears, click on Application permissions.
- Check the box next to Selected.
- Click on Add permissions at the bottom of the screen.
- Click on Grant admin consent for {Name of Organization}. In the window that appears, click Yes.
- Click on Certificates & Secrets from the navigation menu.
- Click on the Certificates tab.
- Next, you need to create a self-signed certificate. This will involve using the Terminal application if you are using a Mac, or the Windows Terminal application if you are using a Windows computer. Open the appropriate terminal application on your computer. *Note: When instructed to type in the terminal, only type the text in blue. Failure to do so may result in failure of creating the certificate.
- In the terminal, type openssl genrsa -out name_of_private_key.pem 4096 . This step creates a private key.
- Hit Enter.
- In the terminal, type openssl req -new -sha256 -key name_of_private_key.pem -out csr.csr. This step creates a certificate signing request. (Depending on the openssl version used, another step is needed. If the pem file starts with “-----BEGIN RSA PRIVATE KEY-----”, this step is not needed. If the pem file starts with “-----BEGIN PRIVATE KEY-----”, type openssl pkey -in name_of_private_key.pem -out final_private_key.pem -traditional)
- Hit Enter. The terminal will notify you that you are about to enter information that will be incorporated into your certificate request.
- Respond appropriately to all requested pieces of information. Hit Enter after answering each prompt. The prompted fields are as follows:
- Country Name
- State or Province Name
- Locality Name
- Organization Name
- Organizational Unit Name
- Common Name
- Email Address
- You will be prompted again for “extra” attributes to be sent with your certificate request. You do not need to fill these in. Hit Enter to bypass them.
- In the terminal, type openssl req -x509 -sha256 -days 3650 -key name_of_private_key.pem -in csr.csr -out certificate.pem.
- Hit Enter.
- Navigate back to Microsoft Azure.
- Click Upload Certificate.
- In the panel that expands, click on the file icon next to Select a file.
- Navigate to the folder you saved the certificate to on your computer, and select it.
- Enter a description of the certificate.
- Click Add.
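The key and certificate commands above can be run without prompts and checked before upload. This is an added example, not SightCall's or Microsoft's script: the function names, the `--run` switch and the subject string are assumptions, and the SHA-1 fingerprint it prints is the value the Azure Certificates tab lists as the thumbprint.

```shell
#!/bin/sh
# Added example (not SightCall's script): the key and certificate steps of
# Configuration Step 2 without prompts, plus checks before upload.

# Report which PEM container a private key uses, from its first line.
key_format() {
  case "$(head -n 1 "$1")" in
    "-----BEGIN RSA PRIVATE KEY-----") echo traditional ;;
    "-----BEGIN PRIVATE KEY-----")     echo pkcs8 ;;
    *)                                 echo unknown ;;
  esac
}

# Succeed only if the certificate carries the public half of the private key.
cert_matches_key() {  # usage: cert_matches_key <certificate> <private_key>
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# SHA-1 fingerprint of the certificate, without colons.
cert_thumbprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

make_keypair() {  # usage: make_keypair <dir> <bits> <subject>
  (
    umask 077   # key files are created readable by the owner only
    cd "$1" || exit 1
    openssl genrsa -out name_of_private_key.pem "$2" 2>/dev/null || exit 1
    # Newer OpenSSL writes "BEGIN PRIVATE KEY"; apply the page's conversion then.
    if [ "$(key_format name_of_private_key.pem)" = pkcs8 ]; then
      openssl pkey -in name_of_private_key.pem -out final_private_key.pem -traditional || exit 1
    else
      cp name_of_private_key.pem final_private_key.pem   # assumption: same name either way
    fi
    openssl req -new -sha256 -key name_of_private_key.pem -subj "$3" -out csr.csr || exit 1
    openssl req -x509 -sha256 -days 3650 -key name_of_private_key.pem -in csr.csr -out certificate.pem
  )
}

if [ "${1:-}" = "--run" ]; then
  make_keypair . 4096 "/CN=sightcall-sharepoint-client" || exit 1   # constructed subject
  cert_matches_key certificate.pem final_private_key.pem || { echo "key/cert mismatch" >&2; exit 1; }
  echo "Thumbprint: $(cert_thumbprint certificate.pem)"
fi
```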
Configuration Step 3
Now, we have a Master App, which has full rights, and a Client App, which has site selected rights. However, the Client App can’t yet access Sharepoint. In this configuration step, we will grant the Client App the permissions it needs to access the appropriate Sharepoint site.
- Navigate back to your terminal application.
- In the terminal, type the following, where {azure_tenant_id} is your tenant ID in Azure, the {client_id} is the “Application (client) ID” from the Overview tab of the Master Application, and {client_secret} is the client secret Value from Configuration Step 1.
- To find your Azure Tenant ID, first navigate back to Microsoft Azure.
- Click Home
- Click Azure Active Directory.
- The Tenant ID is located under the Basic information section of the Overview tab.
- The Client ID is located under the Basic Information section of the Overview tab for the Master App
MacOS or Linux:
curl --location --request POST 'https://login.microsoftonline.com/{{azure_tenant_id}}/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={{client_id}}' \
--data-urlencode 'client_secret={{client_secret}}' \
--data-urlencode 'scope=https://graph.microsoft.com/.default'
Windows (Command Prompt):
curl --location --request POST "https://login.microsoftonline.com/{{azure_tenant_id}}/oauth2/v2.0/token" ^
  --header "Content-Type: application/x-www-form-urlencoded" ^
  --data-urlencode "grant_type=client_credentials" ^
  --data-urlencode "client_id={{client_id}}" ^
  --data-urlencode "client_secret={{client_secret}}" ^
  --data-urlencode "scope=https://graph.microsoft.com/.default"
- Hit Enter.
- The access token will appear, with the value in quotation marks. Highlight the value of the access token and copy/paste it to the same text editor doc to save its value just like in Configuration Step 1. You will use this value in the next step.
- In the terminal, type the following, where the {access_token} is the value from the previous step, the {sharepoint_site_id} is the site ID of the Sharepoint site you want to use for the media endpoint, the {azure_client_app_id} is the Application (client) ID from the Overview tab of the Client Application, and the {azure_client_app_name} is the name of the Client Application.
- The Sharepoint Site ID can be found at the URL: https://{tenant-name}.sharepoint.com/sites/{sharepoint-site-name}/_api/site/id
- The Client ID is located under the Basic Information section of the Overview tab for the Client App
MacOS or Linux:
curl --location -g --request POST 'https://graph.microsoft.com/v1.0/sites/{{sharepoint_site_id}}/permissions' \
--header 'Authorization: Bearer {{access_token}}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "roles": ["write"],
  "grantedToIdentities": [{
    "application": {
      "id": "{{azure_client_app_id}}",
      "displayName": "{{azure_client_app_name}}"
    }
  }]
}'
Windows (Command Prompt):
curl --location -g --request POST "https://graph.microsoft.com/v1.0/sites/{{sharepoint_site_id}}/permissions" ^
  --header "Authorization: Bearer {{access_token}}" ^
  --header "Content-Type: application/json" ^
  -d "{\"roles\": [\"write\"],\"grantedToIdentities\": [{\"application\": {\"id\": \"{{azure_client_app_id}}\",\"displayName\": \"{{azure_client_app_name}}\"}}]}"
- Hit Enter
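The two requests in this step can also be chained in one script, so the client secret is never a command-line argument and the access token is never pasted into a text file. This is an added example, not SightCall's or Microsoft's script: the environment variable names, function names and the `--run` switch are assumptions, and the secret is read from standard input.

```shell
#!/bin/sh
# Added example (not SightCall's script): Configuration Step 3 in one run.
# Assumed environment variables: AZURE_TENANT_ID, MASTER_CLIENT_ID, SITE_ID,
# CLIENT_APP_ID, CLIENT_APP_NAME. The client secret is read from stdin.

# Pull the access_token value out of the token endpoint's JSON reply.
extract_access_token() {
  printf '%s' "$1" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Accept only a GUID, so nothing else can be spliced into the JSON body.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Build the page's grant body: role "write" for one application.
grant_body() {  # usage: grant_body <client_app_id> <client_app_name>
  is_guid "$1" || return 1
  case $2 in *[\"\\]*) return 1 ;; esac  # refuse names that would need JSON escaping
  printf '{"roles":["write"],"grantedToIdentities":[{"application":{"id":"%s","displayName":"%s"}}]}' "$1" "$2"
}

if [ "${1:-}" = "--run" ]; then
  body=$(grant_body "$CLIENT_APP_ID" "$CLIENT_APP_NAME") || { echo "bad app id or name" >&2; exit 1; }
  IFS= read -r secret   # e.g. piped from a password manager, never an argument
  reply=$(printf '%s' "$secret" | curl -sS --request POST \
    "https://login.microsoftonline.com/$AZURE_TENANT_ID/oauth2/v2.0/token" \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode "client_id=$MASTER_CLIENT_ID" \
    --data-urlencode 'client_secret@-' \
    --data-urlencode 'scope=https://graph.microsoft.com/.default')
  token=$(extract_access_token "$reply")
  [ -n "$token" ] || { echo "no access_token in reply" >&2; exit 1; }
  # The header is passed as curl config on stdin, keeping the token out of the process list.
  printf 'header = "Authorization: Bearer %s"\n' "$token" | curl -sS --config - \
    --request POST "https://graph.microsoft.com/v1.0/sites/$SITE_ID/permissions" \
    --header 'Content-Type: application/json' --data-raw "$body"
fi
```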
Configuration Step 4
You have just given the correct permissions to the Client Application. Now, you can configure the media endpoint in the admin portal of SightCall.
- From the admin portal (admin.sightcall.com), click Media Endpoints from the navigation menu.
- Click Add End-point.
- Enter a Name for this media endpoint.
- Select Sharepoint from the Type drop-down menu.
- Enter the (Azure) Tenant Name.
- Enter the Site Name.
NOTES:
- Tenant Name is the one from Azure, not SightCall Tenant Name.
- Tenant Name and Site Name should not have any spaces or special characters, just as they are used in the creation of the SharePoint URL.
- Enter the Azure Tenant ID.
- Enter the Client ID. *Note: This is the Client ID for the Client Application, with limited rights.
- Enter the Private Key.
- To get the value of the Private Key, return to your Terminal application.
- In the terminal, type cat name_of_private_key.pem
- Hit Enter.
- Copy/Paste the returned value, including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines.
- Enter the Certificate.
- To get the value of the Certificate, return to your Terminal application.
- In the terminal, type cat certificate.pem
- Hit Enter.
- Copy/Paste the returned value, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
- Click Continue.
- Configure Steps 2 (Pictures during a call), 3 (Recording files), and 4 (Recording audio transcripts) as needed.
- When you are done, click Submit.