Overview

About

Security (Permissions Model)

Permissions in this integration are managed through a Delegated Permissions model. This means that actions are authenticated according to a User's existing SharePoint permissions.

File Links (SharePoint Document ID)

For this API, GNC Go relies on SharePoint’s Document ID property to generate stable links to uploaded files.

What is Document ID?

The Document ID property is a unique and permanent identifier assigned by SharePoint to each document stored in a site collection. This ID is used to generate a persistent URL that continues to work even if the document is moved to another folder or renamed.

Why We Use It
  • Reliable Linking. GNC Go uses the Document ID-based URL when referencing uploaded files. This ensures that links remain valid, regardless of changes to file location or name.

  • User Experience. Users can confidently access documents via saved links, bookmarks, or system-generated references.

  • Simplified Integration. It eliminates the need to track file paths or update links after a document is moved within SharePoint.

Known Issues
Enabling Document ID

Setup Steps

Step 1. Set up Document ID in SharePoint

For each relevant SharePoint site:

1.1 Go to the SharePoint Site Settings

  • Open your SharePoint site in a browser.

  • Click the settings (gear) icon in the upper-right corner.

  • Select Site Information > View all site settings (or directly Site Settings if you're using classic view).

1.2 Activate the "Document ID Service" Site Collection Feature

  • Under Site Collection Administration, click Site collection features.

  • Find Document ID Service in the list.

  • Click Activate.

1.3 Configure Document ID Settings

  • After activation, go back to Site Settings.

  • Under Site Collection Administration, click Document ID Settings.

  • Choose to assign IDs automatically to documents, and if you wish, define a custom prefix (e.g., GNC-).

  • Click OK to save.

Step 2. Register a New App in Azure

2.1 You or your Azure administrator should go to https://portal.azure.com/

2.2 Navigate to Azure Active Directory → App registrations

  • Click "New registration" and set:

  • Name: [Application name of your choice]

  • Supported account types: "Single tenant"

  • Redirect URI: https://[your URL].gncgo.com/sharepoint_callback

  • The Redirect URI field accepts multiple valid URIs, so you can add both your Sandbox and Live sites.

Step 3. Configure API Permissions in Azure

3.1 Go to your app → API permissions

3.2 Click "Add a permission" → Microsoft Graph → Delegated permissions

3.3 Add the following:

  • Files.ReadWrite  // Provides access to files the user has access to.

  • Sites.ReadWrite.All  // Allow upload/edit on SharePoint sites the user has access to.

  • offline_access  // Get refresh-tokens for background uploads.

Step 4. Create a Client Secret in Azure

4.1 In Azure, go to your new app → Certificates & secrets

4.2 Click “Add a client secret” and set:

  • Description: // Up to you

  • Expires:  // Up to you

You should now have the following ready to add to GNC Go:

  • Tenant ID

  • Client ID

  • Client Secret

Step 5. Add Azure Connection details in GNC Go

In GNC Go → CADM Admin → SharePoint Application

5.1 Input the Connection details from Azure

  • Tenant ID

  • Client ID

  • Client Secret

5.2 Validate and Save

  • Click: Validate Configuration to confirm the connection.

  • Click: Save Changes.

GNC Go | CADM Admin | SharePoint

Incident Response

In case of a security incident or compromise, access granted to the Azure AD app can be quickly revoked to protect customer data. The following steps outline how to do this:

Step 1. Revoke Access to the SharePoint Site

1.1 Remove Site-Specific Permissions

  • Use PowerShell or Microsoft Graph to revoke the app’s permission to the SharePoint site.

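    Get-PnPAzureADAppSitePermission -AppIdentity "<Azure-AD-App-Id>" -Site "[full site URL]" |
      ForEach-Object { Revoke-PnPAzureADAppSitePermission -PermissionId $_.Id -Site "[full site URL]" }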

1.2 Remove the App's Azure AD Permissions (if needed)

  • Go to Azure Portal → Azure Active Directory → App Registrations.

  • Locate the app.

  • Under API permissions, remove Sites.Selected, which should be the only permission granted.

1.3 Disable or Delete the App Registration

  • Go to Azure Portal → App Registrations.

  • Disable the app (change status) or delete it entirely to prevent further token issuance.

1.4 Revoke Existing Tokens

  • Revoke active tokens by resetting the client secret or changing the app’s credentials.

Step 2. Notify GNC Go

2.2 Inform the GNC Go team [support@gncspace.com] of the access revocation, and coordinate follow-up.

Step 3. Audit and Review

3.1 Review Microsoft 365 audit logs for any unusual activity.

3.2 Document the incident and actions taken as part of your internal security policy.
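
As part of the audit in Step 3, one way to compare the delegated grants recorded for the app against the three scopes from Setup Step 3. This is an added example, not GNC Go or Microsoft code; the sample records and the ids in them (`sp-gncgo` and the rest) are constructed placeholders shaped like Microsoft Graph oauth2PermissionGrant objects, and `audit_grants` is a hypothetical helper name.

```python
import json

# Delegated Microsoft Graph scopes listed in Setup Step 3 of this page.
EXPECTED_SCOPES = {"Files.ReadWrite", "Sites.ReadWrite.All", "offline_access"}

# Constructed sample shaped like the "value" array Microsoft Graph returns for
# oauth2PermissionGrants. Every id is a placeholder. Note that clientId is the
# object id of the app's service principal, not the Client ID from Step 4.
SAMPLE_GRANTS = json.loads("""
[
  {"id": "grant-1", "clientId": "sp-gncgo", "consentType": "Principal",
   "principalId": "user-alice", "resourceId": "sp-graph",
   "scope": " Files.ReadWrite Sites.ReadWrite.All offline_access"},
  {"id": "grant-2", "clientId": "sp-gncgo", "consentType": "AllPrincipals",
   "principalId": null, "resourceId": "sp-graph",
   "scope": "Files.ReadWrite Sites.ReadWrite.All offline_access Mail.Read"},
  {"id": "grant-3", "clientId": "sp-other-app", "consentType": "Principal",
   "principalId": "user-bob", "resourceId": "sp-graph",
   "scope": "User.Read"}
]
""")


def audit_grants(grants, client_sp_id, expected=EXPECTED_SCOPES):
    """Summarise every delegated grant held by the given service principal."""
    report = []
    for g in grants:
        if g.get("clientId") != client_sp_id:
            continue  # grant belongs to a different application
        # "scope" is one space-delimited string and may carry a leading space.
        granted = set((g.get("scope") or "").split())
        report.append({
            "grant_id": g["id"],
            # AllPrincipals means consent was given once for every user.
            "covers_all_users": g.get("consentType") == "AllPrincipals",
            "principal": g.get("principalId"),
            "extra_scopes": sorted(granted - expected),
            "missing_scopes": sorted(expected - granted),
        })
    return report


if __name__ == "__main__":
    for entry in audit_grants(SAMPLE_GRANTS, "sp-gncgo"):
        print(json.dumps(entry))
```

Any entry with a non-empty `extra_scopes` list means the app holds consent beyond what this integration needs, and `covers_all_users` shows how many accounts a stolen client secret or refresh token could have acted for.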