SharePoint

Introduction

The Records365 connector for SharePoint allows you to unlock the value of your on-premises SharePoint content as records in Records365.

Learn how to install, configure, and activate the Records365 SharePoint connector!

The SharePoint connector requires an additional subscription. If you would like to inquire about subscribing, or you believe your organization has subscribed and the connector is missing from the Gallery please contact support.

Architecture

The SharePoint connector runs as a Windows service in your on-premises corporate network. The diagram below shows the components in the connector and how they interact.

The SharePoint Connector polls Records365 to determine whether any disposal actions need to be performed on your SharePoint content, so Records365 requires no changes inbound to your corporate network. The only requirement is that the machine where the connector is running must be able to access the Internet.

The configuration component and the Connector Service require an instance of MS SQL Server to host the configuration database and the connector system queues for content submission. This database may reside within the same SQL Server instance supporting your SharePoint farm, or a separate standalone database.

Security

The SharePoint connector communicates with Records365 strictly over HTTPS on port 443 using TLS 1.2. The connector uses a polling mechanism over HTTPS to send record submissions & retrieve disposal information from Records365.

Role required
To configure Azure Active Directory for the SharePoint connector you need to be an Azure AD Global Administrator or Application Administrator.

Azure Active Directory Setup

Records365 delegates authorization and authentication to your Azure AD environment, and extends this model to the SharePoint on-premises connector with an Azure AD App that is registered in your tenant.

The SharePoint connector uses the OAuth 2.0 protocol to authenticate and authorize the connector against your Azure AD, and then securely submit information to Records365. No keys, secrets, or inbound network ports are required to communicate with Records365. To read more about Azure AD and how it is used for application authentication see Azure Active Directory for developers.

Registering an Azure AD App

  1. Sign in to the Azure portal.
  2. If your account gives you access to more than one, click your account in the top right corner, and set your portal session to the desired Azure AD tenant.
  3. In the left-hand navigation pane, click the Azure Active Directory service, click App Registrations, and click New Application Registration.
  1. When the Create page appears, enter the SharePoint connector application registration information:
    • Name: RecordPoint SharePoint Connector
    • Application type: Select “Web app / API”
    • Sign-On URL: https://records365.com
  2. You are taken to the application’s main registration page, which opens up the Settings page for the application. To add a secret key for the SharePoint connector:
    • Click the Keys section on the Settings page.
    • Add a description for your key.
    • Select either a one or two year duration.
    • Click Save. The right-most column will contain the key value, after you save the configuration changes. Be sure to copy the key for use in the SharePoint connector, as it is not accessible once you leave this page.
  3. You’ll need to save the Client Key that you have just created as well as the Application Id from the application registration page for the next steps in the configuration. Keep these in a secure location.

Setting up the SharePoint Connector in Records365

  1. Click on the Settings icon
    in the top right hand corner of Records365.
  2. Click on Add Connector and select the SharePoint Connector in the Gallery.
  3. Click Add.
  1. This will open the SharePoint Connector configuration tab.
    1. Enter the Display Name and Originating Organization. These values can be changed later.
    2. Enter the Client ID. This is the Application ID that you saved when setting up the Azure AD App Registration.
    3. Click Save.
    4. Click Download Settings. This will download a .json configuration file that you will now enter in the SharePoint Connector configuration application.
    5. Click Server Component Installer. This will download an .msi installer file that you will use in the Installation section to install the SharePoint Connector.

SharePoint Connector Installation and Configuration

If you wish to submit Audit entries for records to Records365, the SharePoint Connector must be installed on a SharePoint farm server. If you do not wish to submit Audit entries, then the SharePoint Connector may be installed on a virtual or physical server outside the SharePoint farm, as long as the install location has network connectivity to the SharePoint farm.

Prerequisites and system requirements

Minimum software requirements:

  • Microsoft Server 2008 R2 or Microsoft Server 2012
  • .NET Framework 4.5

Hardware requirements:

  • If installing the SharePoint Connector in a SharePoint farm machine, then as per the SharePoint Server Hardware and Software requirements listed here: SharePoint 2013 SharePoint Server 2016
  • If installing to a standalone virtual or physical server:
    • 2 core processor
    • 8 GB RAM
    • 20 GB free disk space

SQL Server requirements (if using a standalone SQL server to host the connector database):

  • 2 core processor
  • 8 GB RAM
  • MS SQL Server 2012 or above
  • 1 GB free disk space

Download and Install SharePoint Connector

If your organization has purchased the SharePoint Connector, you can download the installation package from the Connector Gallery by clicking on the SharePoint tile in the Gallery and clicking the Server Component Installer button in the configuration tab.

The SharePoint Connector application installs a Windows service and a simple configuration executable. Once the installation is complete, open the SharePoint Connector configuration application from the start menu or by running SharePointConnector.Configurator.exe from your installation directory (by default, C:\Program Files\RecordPointSharePointServerConnector).

Configure User Accounts required by the SharePoint Connector

The SharePoint Connector requires at least one dedicated user account to perform the following tasks:

  • Monitor SharePoint Web Applications and the Site Collections within to submit new and modified documents to Records365 for management.
  • Monitor the SharePoint audit logs and submit audits for managed records to Records365.
  • Create and use the SQL database required by the Connector for queueing and configuration management.

We recommend creating a new user account(s) for this purpose. This user account(s) has some specific requirements:

  • The user account must be a member of the SharePoint Farm Adminstrators group. To add an account to the Farm Administrators group, go to SharePoint Central Administration, click on Security, then Manage the Farm Adminstrators group.
  • To manage Audits, this user account must also be used to run the Connector Service. To do so, open the Services console by searching for “Services.msc” in the Windows Start Menu, then find the ‘RecordPoint SharePoint Connector’ service in the list. Right click on it and select Properties. In the Log On tab, enter the credentials of the user account.
  • To create and use the configuration and queueing database, the user account will require the dbcreator role on your SQL Server. For more information about permissions in SQL Server, see Server-Level Roles in SQL Server.

If the same account is used, the SQL Connection String required in the next section can use Integrated Security instead of providing a username and password in the Connection String.

Complete the SharePoint Connector Configuration

Take the .json configuration file that we downloaded in the Setting up the SharePoint Connector in Records365 steps and open the SharePoint Connector configuration application. Click on the System tab.

  1. SharePoint User: The Connector Service will use this user account to access the various objects within the SharePoint farm, for example Web Applications, Site Collections, auditing information and document changes, that the SharePoint Connector service requires to manage your content.
  2. SharePoint Password: The password for the user account specified above. This is encrypted when stored and is not visible to users or adminstrators once saved.
  3. SQL Connection String: This is the connection string to a SQL server accessible from the SharePoint Connector service. The ‘Test’ button should be used to make sure this value is correct and the database is accessible. The connection string is encrypted when stored and is not visible to users or adminstrators once saved.
  4. Logging Level: Determines the types of log messages written to the Windows Event Viewer. We recommend leaving this setting at ‘Warning’ unless instructed to change it when troubleshooting - when set to ‘Information’ or ‘Verbose’, this will generate a large volume of logs.
  5. Poll Interval: This is the number of seconds between each poll that the Connector Service makes to the SharePoint farm. The default value is 10 seconds. Modifying this will have different impacts on your SharePoint infrastructure and should be done by an Administrator who can monitor the impact on farm health and the underlying infrastructure - lower values will mean more frequent polls, with smaller payloads (as less changes will be picked up by each poll).
  6. Records365 Settings: Use the ‘…’ button to select the .json file downloaded from Records365.
  7. Client Secret: Enter the Client Secret value saved when performing the Registering an Azure AD App steps above.
  8. Enable Audits: If this is checked, the SharePoint Connector will submit SharePoint Audits on your documents to Records365. To do so, the Connector must be installed on a SharePoint farm machine and the Connector Service must be set up to run as a user that is a member of the SharePoint Farm Administrators Group.


Now we are ready to begin adding Web Applications to be monitored by the SharePoint Connector! See Administration for SharePoint to continue.