Login
    Contents x
    Espace 365 Installation
    • 23 Aug 2023
    • 3 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    Espace 365 Installation

    • Updated on 23 Aug 2023
    • 3 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Prerequisite

    Before starting, it is necessary to install the Space 365 module on the Constellio server. It is also necessary to make the Constellio server available via HTTPS. Note that if authentication is done through the Azure portal, it is not necessary to synchronize Constellio with Azure AD in the LDAP directory.

    Installation of Office 365 plugin and Azure AD SSO

    If you need to install the Office 365 plugin and also the Azure AD / Entra ID SSO, you need to set all configurations of both Office 365 and Azure AD / Entra ID SSO in a single Azure application (Redirect URI, API permissions, etc)
    This is not required if your SSO module is not configured for Azure AD / Entra ID, but instead with Kerberos or other technologies.

    View Azure SSO configuration guide

    Register the Office 365 app in Azure Ad / Entra ID

    • Sign in to the Azure portal https://portal.azure.com 
    • Click the Azure Active Directory / Entra ID icon in the left menu
    • Click on the Application Registration option
    • Click on the New Registration option
    • Enter a Name (e.g. Constellio-Office365), choose the Accounts in this organization directory only option, and choose the Client Application option.
    • After registration, go to the Overview page. Note the application ID (tenant) and directory ID (tenant) that will be used to populate the Application ID and Azure tenant ID values in Constellio in the Office 365 configurations section.
    • Then, go to the Authentication page, select the Add Platform option, and then Web. Enter the HTTPS url of your Constellio, then select the access tokens and ID tokens. Finally, repeat the procedure with the same address with the addition of the suffix msal/oauth/token
    • Then, go to the Certificates and Secrets page. In the Client Secret section, create a new client secret by choosing an expiration time. Note the value of the client secret that will be used to populate the Client secret value in Constellio in the Office 365 section of the configurations.
      Be careful, the value will no longer be found after leaving the page, so it is very important to note the information. In case the value is lost, it will be necessary to generate a new secret.
    • In the Allowed APIs section, click Add Authorization, click Microsoft Graph, and then click Delegated Permissions.
      For a complete list of permissions and their impacts, see the following documentation:
      The following permission list is the list of permissions requested by Constellio. Add the following permissions as delegated permissions AND as app permissions.

    Teams

    Deletion

    • Group.ReadWrite.All
      • Delete a team after it has been archived
    • Channel.Delete.All
      • Delete a channel after it is archived

    Writing

    • Team.Create
      • Creating a team from a template
    • TeamMember.ReadWrite.All
      • Adding team members after it is created
    • Channel.Create
      • Create a channel from a template
    • ChannelMember.ReadWrite.All
      • Adding members of a private channel after it is created

    Reading

    • User.Read.All
      • Selecting members to add to a private team/channel
    • Team.ReadBasic.All
      • Browse and list available teams
    • Channel.ReadBasic.All
      • Browse and list available channels
    • ChannelMessage.Read.All
      • Archive messages from a channel

    SharePoint and OneDrive

    Deletion

    • Files.ReadWrite.All
      • Delete folders and documents after they are archived

    Writing

    • Files.ReadWrite.All
      • Create folders and documents from a template

    Reading 

    • Sites.Read.All
      • Browse and list available sites and libraries
    • Files.Read.All
      • Browse, list and download folders and documents

    Exchange

    Deletion

    • Mail.ReadWrite
      • Delete folders and emails after they are archived

    Writing

    • Mail.ReadWrite
      • Create a folder hierarchy from a template

    Reading

    • Mail.Read
      • Browse folders and download emails and attachments

    Add the following delegated permission

    • email
      • Allows Constellio to obtain the user's email address
    • offline_access
      • Allows Constellio to refresh the user's token to reduce the number of reauthentications.

    Configuring Constellio

    1. With the menu at the top left and as an administrator user, go to "Piloting". In the "System control" section, select "Configuration". 
    2. In the Office 365tab
      • Set the Azure application ID as the value of the Application ID field
      • Set the client secret of the Azure application as the value of the Client secret field
      • Set Azure Directory ID as the value of Azure Tenant ID field
    3. In the Other tab, make sure that the Link field of the Constellio server contains the HTTPS address of the Constellio server .
    4. Click Save to confirm your changes and go to the Control section -> Update Center to restart Constellio. 


    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout