To extract and index documents stored in Microsoft SharePoint, the Locator SharePoint connector needs to be configured with a user that has access to all the documents that are to be extracted. This user is referred to as the index user.
...
Connection Type | Required Permission | Can be indexed by Azure AD Application | Notes | ||||
|---|---|---|---|---|---|---|---|
| SharePoint Admin | Site Collection Administrator on each site collection/OneDrive | "Read for index user" custom permission on each site collection | "Read for index user" custom permission on site provided in Server Page | ||||
Document | Single site | No | No | No | Yes | Yes | |
| Index all site collections | Yes | No - but preferred | Yes | Yes | No |
| |
| Additional site templates* | No | No - but preferred | Yes | Yes | Yes |
| |
| User Profiles | No | No | No | Yes | Yes | ||
| MySites/OneDrive | No | Yes | No | No | Yes | You can use Set-MySiteIndexUser.ps1 script | |
*This can used when at least on one of these: Include Office 365 Personal Blogs, Include Office 365 Group Sites, Include Office 365 Communication Sites or Include other site templates is selected on Connection Configuration Page.
...
- If any of the "Include Office 365..."-checkboxes in wizard is used for specific site collection templates
- If "Include other site templates" is checked in the wizard and some of the templates were selected.
Note 3: Global admins and SharePoint admins don't have automatic access to Group Sites. That means they can not manage permissions inside Group Sites. However global admins still have option to add members and owners to Group Sites.
...
- Manually editing each user profile using the SharePoint Admin User Interface:
- From your browser, navigate to your office 365 SharePoint admin center.
- Click on "Admin" from the ribbon bar at the top right and select "SharePoint".
- Click on "user profiles" from the list on the left.
- Under "People", click on "Manage User Profiles".
- The "Total number of profiles" will be displayed. The following steps (#6 through #9) will need to be performed for each of the existing user profiles.
- In the "Find profiles" entry field, type the user name and click the "Find" button.
- Position the mouse over the "Account name", right click and select "Manage site collection owners".
- In the "site collection owners window, enter the name of the index user in the entry box for "Site Collection Administrators".
- Click OK.
- Running the Set-MySiteIndexUser.ps1 PowerShell script. This script will read all users from SharePoint online and add the index user to the "Site Collection Administrators" list, for each user's personal site, if it exists.
NOTE: To execute the Set-MySiteIndexUser.ps1 the SharePont Online Client Components SDK is required >> SharePointOnlineClientComponentsSDK
...
NOTE: If your SharePoint Administrator account uses Multi-Factor Authentication then you have to use Set-MySiteIndexUserMFA.ps1 version of the script instead. There are few differences compared to Set-MySiteIndexUser.ps1 script. There is additional prerequisite: you have to install module SharePoint Patterns and Practices PowerShell Cmdlets for SharePoint Online. This script is also slower than Set-MySiteIndexUser.ps1. There are few suggestions on how to use this script:
...
| Excerpt |
|---|
Configuring Windows Azure Active Directory Setting up the Windows Azure Graph API for Locator
The screenshot above has the application Id we need. The two menu options that are to be used for creating and obtaining the client secret, are circled in red and will be used in the following screenshots:
|
Adding Permissions to the Azure AD Application for SharePoint Online indexing
...