Author: Stenish Peter S

AZURE AD/SHAREPOINT ONLINE INTEGRATION WITH ECC – COMMON OPERATIONS

Hello Everyone,

In this blog, I am going to show you some common SharePoint operations that can be done using the REST API provided by Microsoft.


What is Azure?

“Microsoft Azure is a cloud computing platform and infrastructure, created by Microsoft, for building, deploying and managing applications and services through a global network of Microsoft-managed and Microsoft partner hosted data centers.”

What is Azure Active Directory?

“Azure Active Directory (Azure AD) is Microsoft’s multi-tenant cloud based directory and identity management service.”

What is SharePoint Online?

Simply put, “SharePoint in the cloud”. SharePoint is often used to store, track, and manage electronic documents and assets. For example, I used it to deliver some documents from ECC to the suppliers. The suppliers would have a separate work area (SPO Site) and read access for the documents shared with them.

Let me explain the common operations involved in the AAD and SPO integration with SAP PI. I have done the integration using Advantco REST adapter. You will need a bit of XML to JSON conversion knowledge in REST receiver adapter.

COMMON SHAREPOINT ONLINE OPERATIONS:

  1. Create SPO Site
  2. Update SPO Site
  3. Give permissions for AAD user to SPO site
  4. Create folder in SPO
  5. Upload file into SPO site

COMMON AZURE AD OPERATIONS: (Kindly wait for my next blog)

  1. Create AD user
  2. Create AD group
  3. Add AD user to  AD group
  4. Remove AD user from  AD group
  5. Update AD User / Block AD User

Let us see one by one in detail;

SPO OPERATIONS:

1. Create SPO Site: If you need to create a new SharePoint site, follow the steps below;

  • Resource URL:

https://mysapdev.sharepoint.com/sites/suppliers/_api/web/webinfos/add

  • HTTP Headers:

| Header Name     | Header Value                    |
|-----------------|---------------------------------|
| accept          | application/json; odata=verbose |
| content-type    | application/json; odata=verbose |
| Cookie          | Cookie value has to be passed   |
| X-RequestDigest | Digest value has to be passed   |

  • HTTP method : POST
  • SharePoint template (Not mandatory. To be created by SharePoint expert)
  • Know the supported language. Eg:1033 is for English-UK

Below is the required JSON request for creating a site.

    {
        "parameters": {
            "__metadata": {"type": "SP.WebInfoCreationInformation"},
            "Url": "Supplier_ABC",
            "Title": "ABC Supplier",
            "Description": "REST created web",
            "Language": 1033,
            "WebTemplate": "{4AD5BC8A-5C4D-46E9-F390-1876AFF81CF5}",
            "UseUniquePermissions": false
        }
    }

Note: I used the GUID of the web template as the name doesn’t work during execution.

Our actual request will be an XML but, we have an option to convert the request format from XML to JSON in the REST Receiver adapter.

Likewise, we have an option to receive the response via three ways;

  1. Http Response body : Actual response from the REST service.
  2. Template : Our own template for response XML.
  3. Template for Empty HTTP Response body only : Our template in case of empty response from REST service.

2. Update SPO Site: If you need to update the SPO site that you created before, follow the steps below;

  • Resource URL:

https://mysapdev.sharepoint.com/sites/suppliers/%SupplierSiteName%/_api/web

The %SupplierSiteName% is the value to be replaced by the site name that we want to update.

  • HTTP Headers:

| Header Name     | Header Value                    |
|-----------------|---------------------------------|
| X-HTTP-Method   | MERGE                           |
| content-type    | application/json; odata=verbose |
| Cookie          | Cookie value has to be passed   |
| X-RequestDigest | Digest value has to be passed   |

  • HTTP method : POST
  • "X-HTTP-Method" is used to override the POST method.


Below is the required JSON request for updating a site’s description.

    {"__metadata": {"type": "SP.Web"}, "Description": "Updated information"}

3.  Give permissions for AAD user to SPO site: If you need to give read/write permission for an AAD user to SPO site/SPO folders, follow the steps below;

We have used a site template which creates different site groups (for Reader/Owner etc.). If a user needs "Read" permission, the user has to be added to the Readers group. Giving permissions is a two-step process;

     A.      Get the site group ID:

               – Resource URL:

https://mysapdev.sharepoint.com/sites/suppliers/%SupplierSiteName%/_api/web/sitegroups/getbyname('%GroupName%')

The %SupplierSiteName% is the value to be replaced by the site name.

The %GroupName% is the value to be replaced by the group name.

               – HTTP Headers:

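| Header Name     | Header Value                    |
|-----------------|---------------------------------|
| content-type    | application/json; odata=verbose |
| Cookie          | Cookie value has to be passed   |
| X-RequestDigest | Digest value has to be passed   |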

               – HTTP method : GET

     B.      Add user to the above group:

               – Resource URL:

https://mysapdev.sharepoint.com/sites/suppliers/%SupplierSiteName%/_api/web/sitegroups(%GroupID%)/users

The %SupplierSiteName% is the value to be replaced by the site name.

The %GroupID% is the value to be replaced by the GroupID which we got in the first step.

               – HTTP Headers:

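| Header Name     | Header Value                    |
|-----------------|---------------------------------|
| content-type    | application/json; odata=verbose |
| Cookie          | Cookie value has to be passed   |
| X-RequestDigest | Digest value has to be passed   |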

               – HTTP method : POST

Below is the required JSON request for adding the user to the group.

{"__metadata":{"type":"SP.User"},"LoginName":"i:0#.f|membership|Jeorge.Kaps@mysaptest.onmicrosoft.com"}
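
The two-step grant above, as an added Python example that is not part of the original post: it builds both requests and encodes the substituted %SupplierSiteName% and %GroupName% values so that a name containing `/` or `'` cannot change the resource URL. The sample response and the `accept` header on step A are assumptions; the Cookie and X-RequestDigest values are placeholders.

```python
import json
from urllib.parse import quote

BASE = "https://mysapdev.sharepoint.com/sites/suppliers"  # site URL used on the page
# 'accept' is taken from operation 1 (assumption: needed to get a JSON response).
HEADERS = {
    "accept": "application/json; odata=verbose",
    "content-type": "application/json; odata=verbose",
    "Cookie": "<cookie value>",            # placeholder, supplied at runtime
    "X-RequestDigest": "<digest value>",   # placeholder, supplied at runtime
}
# Constructed sample of an odata=verbose response to step A.
SAMPLE_RESPONSE = '{"d": {"Id": 7, "Title": "Supplier_ABC Readers"}}'


def path_segment(value):
    """Encode a substituted value as exactly one URL path segment."""
    if not value or value in (".", ".."):
        raise ValueError("invalid path segment")
    return quote(value, safe="")  # '/' becomes %2F, so it cannot add segments


def odata_string(value):
    """Encode a value as an OData string literal: double any ', then quote."""
    return "'" + quote(value.replace("'", "''"), safe="") + "'"


def group_lookup(site_name, group_name):
    """Step A: GET request that returns the site group."""
    site = path_segment(site_name)
    url = f"{BASE}/{site}/_api/web/sitegroups/getbyname({odata_string(group_name)})"
    return "GET", url, HEADERS


def group_id(response_body):
    """Read the numeric Id from the odata=verbose response of step A."""
    gid = json.loads(response_body)["d"]["Id"]
    if isinstance(gid, bool) or not isinstance(gid, int):
        raise ValueError("group Id is not an integer")
    return gid


def add_user(site_name, gid, user_principal_name):
    """Step B: POST request that adds the AAD user to the group."""
    url = f"{BASE}/{path_segment(site_name)}/_api/web/sitegroups({int(gid)})/users"
    body = {"__metadata": {"type": "SP.User"},
            "LoginName": f"i:0#.f|membership|{user_principal_name}"}
    return "POST", url, HEADERS, json.dumps(body)
```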

4. Create folder in SPO: If you need to create folders inside SPO site, follow the steps below;

     – Resource URL:

https://mysaptest.sharepoint.com/_api/web/folders

  • HTTP Headers:

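| Header Name     | Header Value                    |
|-----------------|---------------------------------|
| content-type    | application/json; odata=verbose |
| Cookie          | Cookie value has to be passed   |
| X-RequestDigest | Digest value has to be passed   |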

  • HTTP method : POST

Below is the required JSON request for creating the folder.

{"__metadata": {"type": "SP.Folder"}, "ServerRelativeUrl": "/shared documents/Test1"}

  

5.  Upload file into SPO site: If you need to upload files inside a folder, follow the steps below;

           

                – Resource URL:

https://mysaptest.sharepoint.com/_api/web/GetFolderByServerRelativeUrl('/Shared%20Documents/Test1')/Files/add(url='LargeFile_500Mb.zip',overwrite=true)

               – HTTP Headers:

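| Header Name     | Header Value                    |
|-----------------|---------------------------------|
| content-type    | application/json; odata=verbose |
| Cookie          | Cookie value has to be passed   |
| X-RequestDigest | Digest value has to be passed   |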

               – HTTP method : POST

NOTE: In my case, the file to be uploaded is sent from ECC as SOAP attachment. This attachment is swapped in PI using the standard module. The file name, folder name can be set dynamically. We could upload any type of file.



AAD OPERATIONS:


For AAD operations, you will need OAuth2.0 authentication. This will be given by your Azure AD expert.


Note: If you see the endpoint, it will contain the client ID and client secret.

Eg: https://login.windows.net/cd866524-98aa-4ddc-a1a6-993aa95c19d5/oauth2/token?client_id=30810d31-a206-48a9-a96e-070052409346&client_secret=Tpf3gD7%2Ba8aTghtyKVfqj1Lba7FAAmRr3Dzvc0vTD8s%3D&resource=https%3A%2F%2Fgraph.windows.net

Here, the client secret is URL-encoded. You will get the exact client secret by decoding it back.

Use the online tool, http://www.urldecoder.org/ to get it done.
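
The decoding can also be done locally, so the client secret never leaves your machine. The following Python is an added example, not part of the original post: it splits an endpoint of the shape shown above, decodes the parameters, and builds a token request that carries them in the POST body instead of the URL. The endpoint values are constructed, and `grant_type=client_credentials` is an assumption the page does not state.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed sample with the same shape as the endpoint above; none of these
# values come from a real tenant.
SAMPLE_ENDPOINT = (
    "https://login.windows.net/00000000-0000-0000-0000-000000000000/oauth2/token"
    "?client_id=11111111-1111-1111-1111-111111111111"
    "&client_secret=abc%2Bdef%2Fghi%3D"
    "&resource=https%3A%2F%2Fgraph.windows.net"
)


def split_token_endpoint(endpoint):
    """Return (url_without_query, params) with every value percent-decoded."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https":
        raise ValueError("token endpoint must use https")
    # parse_qs decodes %2B to '+', %2F to '/', %3D to '='. A raw '+' in the
    # query would decode to a space, which is why the secret is stored encoded.
    query = parse_qs(parts.query, strict_parsing=True)
    params = {key: values[0] for key, values in query.items()}
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", "")), params


def build_token_request(endpoint, grant_type="client_credentials"):
    """Build a POST that carries the credentials in the form body, not the URL.

    grant_type is an assumption; the page does not state which grant is used.
    """
    url, params = split_token_endpoint(endpoint)
    body = urlencode({"grant_type": grant_type, **params})
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return url, headers, body


def redact(params):
    """Copy of params that is safe to write to a log or a ticket."""
    return {k: ("***" if k == "client_secret" else v) for k, v in params.items()}


if __name__ == "__main__":
    url, headers, body = build_token_request(SAMPLE_ENDPOINT)
    print(url)
    print(redact(split_token_endpoint(SAMPLE_ENDPOINT)[1]))
```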

1. Create AD User: If you need to create a user in Azure AD, follow the steps below;

– Resource URL:

https://graph.windows.net/mysapdev.onmicrosoft.com/users?api-version=2013-04-05

– HTTP Headers:

| Header Name  | Header Value     |
|--------------|------------------|
| content-type | application/json |

– HTTP method : POST

– HTTP Authentication – Oauth2.0 credentials given by Azure expert.

Below is the required JSON request for creating AAD user.

{"accountEnabled":"true","displayName":"Robert","mailNickname":"Rob",
"passwordProfile":{"password":"Vd0Hih3l","forceChangePasswordNextLogin":true},
"userPrincipalName":"R.Robert.4067@mysapdev.onmicrosoft.com"}

The request from MONI looks like this;

[Screenshot: request XML in MONI]

Note: You can see how the XML structure is created according to the JSON request structure, so that it is easy for us to convert from XML to JSON in the REST receiver adapter. The tag names (e.g. "accountEnabled") in the JSON structure are case sensitive. Hence, we should give each XML tag the same case as in the JSON structure.

2. Create AD Group: If you need to create a group in Azure AD for the users, follow the steps below;

– Resource URL:

https://graph.windows.net/mysapdev.onmicrosoft.com/groups?api-version=2013-04-05

– HTTP Headers:

| Header Name  | Header Value     |
|--------------|------------------|
| content-type | application/json |

– HTTP method : POST

– HTTP Authentication – Oauth2.0 credentials given by Azure expert.

Below is the required JSON request for creating AAD group.

{ "displayName": "Supplier123",
  "description": "MyGroup",
  "mailNickname": "123",
  "mailEnabled": false,
  "securityEnabled": true }

The request from MONI looks like this;

[Screenshot: request XML in MONI]

3. Add AD User to AD Group: Sometimes, you have a scenario to give group level permissions to other applications (Like SPO) in Azure. Hence, you need to add users to the required groups. Follow the steps;

– Resource URL:

https://graph.windows.net/mysappreprod.onmicrosoft.com/groups/%groupid%/$links/members?api-version=2013-04-05

– HTTP Headers:

| Header Name  | Header Value     |
|--------------|------------------|
| content-type | application/json |

– HTTP method : POST

– HTTP Authentication – Oauth2.0 credentials given by Azure expert.

Below is the required JSON request for adding user to AAD group.

{
  "url": "https://graph.windows.net/mysappreprod.onmicrosoft.com/directoryObjects/aa9b8a3d-87c8-466d-91ca-a9d53a55c902"
}

The request from MONI looks like this;

[Screenshot: request XML in MONI]

Note: The values mentioned between “%” in the resource URL are the variables to be substituted with real values. REST receiver channel provides the variable substitution option.

The GUID which you see in the above JSON request is the GUID of the user that needs to be added to the group. The GUID of the group should be passed to the resource URL via variable substitution.

4. Remove AD User from AD Group: Since you have already given group-level permissions from AD, you sometimes need to revoke the permission for a particular user. You can either delete that AD user, thereby removing the attached license, or just remove the user from the AD group (the license will not be removed and the user can be added again). Follow the steps for removing a user from a group;

– Resource URL:

https://graph.windows.net/mysappreprod.onmicrosoft.com/groups/%GroupGUID%/$links/members/%UserGUID%?api-version=2013-04-05

– HTTP method : DELETE

– HTTP Authentication – Oauth2.0 credentials given by Azure expert.

5. Update/Block AD user:


– Resource URL:

https://graph.windows.net/mysappreprod.onmicrosoft.com/users/%UserID%?api-version=2013-04-05

– HTTP Headers:

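| Header Name            | Header Value                    |
|------------------------|---------------------------------|
| content-type           | application/json; odata=verbose |
| X-HTTP-Method-Override | PATCH                           |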

– HTTP method : POST

– HTTP Authentication – Oauth2.0 credentials given by Azure expert.

Below is the required JSON request for updating user information.

{"accountEnabled":"true","displayName":"Stenish","mailNickname":"sten"}

The request from MONI looks like this;

[Screenshot: request XML in MONI]

Note: In the above example from MONI, we just blocked Einstein in Azure AD!
