Aiimi Insight Engine

SharePoint Online Connector


Last updated 15 days ago

Migrating from ACS to Azure AD

Migrating from ACS with Sites.FullControl.All permissions to Azure AD with Sites.FullControl.All permissions.

If you are authenticating using ACS (Azure Communication Services) with Sites.FullControl.All permissions enabled, it will be important to migrate away from ACS by 2nd April 2026.

The preferred way of authenticating is to use an App Registration in Azure Portal. This registers an application with Entra ID (previously Azure AD), manages authentication with Entra ID and allows invocation of supported applications, such as SharePoint, via API permission scopes.

This document details how to configure an application in Azure Portal and the changes required in Control Hub to use it. It will assist anyone migrating from ACS to Azure AD.

Azure Portal - Application Registration

To register the SharePoint connector application within Azure Portal, follow these steps:

  1. Navigate to https://portal.azure.com.

  2. Ensure you are in the correct Azure Directory.

  3. In the search bar, type “App Registrations” or click the shortcut under Azure Services.

  4. Select New registration.

  5. Name - Give the application a user-facing name.

  6. Supported account types - Consider if the application will be used specifically within this directory or other directories within your organisation.

  7. Redirect URI (optional) – This is not required.

  8. Select Register.

    • This will take you to the registered application page.

  9. From here you will see an overview of your application detailing important information such as the Application (client) ID and Directory (tenant) ID.

    • You will need this information later in the process.

Azure Portal - Certificates & Secrets

You can now create and apply a self-signed X.509 certificate to authenticate with and invoke SharePoint Online via the registered application. Alternatively, you may also use an X.509 certificate issued by your preferred Certificate Authority (CA), although the certificate is not client facing.

The New-PnPAzureCertificate cmdlet requires:
  • PowerShell 7 running in Administrator mode.

  • The PnP.PowerShell module to be installed.

  1. Open a new PowerShell terminal and run the following command.

    • Be sure to save the certificate files to a preferred location and give it an appropriate, strong password.

New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer -CertificatePassword (ConvertTo-SecureString -String "<Your Password>" -AsPlainText -Force)

  2. Make sure both the .cer and .pfx files are saved:

    • The .cer (public key) will be uploaded to the registered application in Azure Portal.

    • The .pfx (private key) will be uploaded to the Credential Store in Aiimi Insight Engine Control Hub.
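
The following is an added example, not part of the original guide or of Aiimi's own tooling. It runs the same cmdlet but prompts for the password instead of typing it into the command line, then checks that the two files form a matching pair before either is uploaded. The variable names are illustrative; the file names match the command above.

```powershell
# Added example. File names match the command shown in the guide.
# Full paths are used because .NET resolves relative paths against the
# process directory, which can differ from the PowerShell location.
$pfxPath = Join-Path $PWD 'pnp.pfx'
$cerPath = Join-Path $PWD 'pnp.cer'

# Prompt for the password so it is not written to shell history.
$password = Read-Host -Prompt 'Password for pnp.pfx' -AsSecureString

New-PnPAzureCertificate -OutPfx $pfxPath -OutCert $cerPath `
    -CertificatePassword $password | Out-Null

# Load both files and compare them.
$cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
$pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $password)

try {
    # The .cer goes to Azure Portal and must carry the public key only.
    if ($cer.HasPrivateKey) {
        throw "$cerPath contains a private key; do not upload it to Azure Portal."
    }
    # The .pfx goes to the Control Hub Credential Store and must hold the private key.
    if (-not $pfx.HasPrivateKey) {
        throw "$pfxPath has no private key; Control Hub cannot authenticate with it."
    }
    # Both files must describe the same certificate.
    if ($cer.Thumbprint -ne $pfx.Thumbprint) {
        throw 'The .cer and .pfx thumbprints differ; they are not a matching pair.'
    }

    # Summary to keep alongside the credential record.
    [pscustomobject]@{
        Subject    = $cer.Subject
        Thumbprint = $cer.Thumbprint
        NotBefore  = $cer.NotBefore.ToString('dd-MM-yyyy')
        NotAfter   = $cer.NotAfter.ToString('dd-MM-yyyy')
    }
}
finally {
    $cer.Dispose()
    $pfx.Dispose()
}
```

After the .cer is uploaded, the thumbprint listed on the Certificates tab in Azure Portal should equal the Thumbprint value printed here, and NotAfter is the date Control Hub will show as the credential's expiry.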

Apply the certificate to the registered application

  1. In Azure Portal, select Certificates & Secrets.

    • This will take you to the Certificates & Secrets page.

  2. Ensure you are on the Certificates tab.

  3. Select Upload certificate.

  4. Find and select the generated .cer file created using New-PnPAzureCertificate.

  5. Description – Add a description of how the certificate will be used.

  6. Select Add.

Your certificate is now uploaded and associated with the registered application in Azure.

Azure Portal - API Permissions

Now you have a registered application backed with a certificate, you are ready to add API Permissions.

  1. In Azure Portal, under Manage, select API Permissions.

    • By default, there will always be Microsoft Graph, User.Read permissions. This is required and should remain in place.

  2. Select Add a permission.

  3. Under Microsoft APIs, select SharePoint.

  4. Select Application permissions.

    • This is very important to ensure no user credentials are required for authentication and the context is not scoped to a single user.

  5. From the available permissions, select Sites.FullControl.All.

    • This is currently the only API permission level we readily support for the SharePoint Online connector.

    • Permission levels lower than this, Sites.Read.All for example, are not yet proven and may have unintended consequences.

    • We are actively working to allow the SharePoint Online connector to run in a read-only mode.

  6. Select Add permission.

  7. You will see that permission is applied but not yet granted to the registered application.

    • You must grant admin consent for any permission applied.

    • This is necessary to allow silent authentication for APIs, without which the application would require a user-invoked authentication flow.

  8. Select Grant admin consent for <organisation>.

  9. Select Yes to confirm this selection when prompted.

You have now applied Sites.FullControl.All API permission to the registered application.
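
Before changing anything in Control Hub, the registration can be checked from the same PowerShell session. The following is an added example, not part of the original guide: it signs in app-only with the .pfx using the PnP.PowerShell module already installed above and reads one site. The site URL, client ID and tenant values are placeholders to replace with your own.

```powershell
# Added example. All three values below are placeholders, not real identifiers.
$siteUrl  = 'https://<tenant>.sharepoint.com/sites/<site>'
$clientId = '<Application (client) ID from the Overview page>'
$tenant   = '<tenant>.onmicrosoft.com'   # assumption: your tenant's domain name
$pfxPath  = Join-Path $PWD 'pnp.pfx'

# Prompt for the .pfx password rather than embedding it in the script.
$password = Read-Host -Prompt 'Password for pnp.pfx' -AsSecureString

try {
    # App-only sign-in: no user account is involved, only the certificate.
    Connect-PnPOnline -Url $siteUrl -ClientId $clientId -Tenant $tenant `
        -CertificatePath $pfxPath -CertificatePassword $password -ErrorAction Stop

    # Reading the site proves the token was issued and accepted by SharePoint.
    $web = Get-PnPWeb -ErrorAction Stop
    Write-Host "Connected app-only to '$($web.Title)' at $($web.Url)"

    Disconnect-PnPOnline
}
catch {
    # Typical causes map to steps in this guide: the .cer was not uploaded to
    # this registration, or admin consent was not granted for the permission.
    Write-Error "App-only connection failed: $($_.Exception.Message)"
}
```

A successful run confirms the certificate, client ID and consent are in place, so any later crawl failure points at the Control Hub configuration rather than the Azure side.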

Aiimi Insight Engine - Credentials

Now everything is configured in Azure Portal, you need to change any existing configurations in Aiimi Insight Engine Control Hub.

  1. Within the Control Hub select Credentials.

  2. On the Credentials page, select New Credential.

  3. Select Certificate for the credentials type.

    • This will reveal the relevant input fields for uploading a certificate.

  4. Credential ID – Enter an ID for this credential.

    • It must be lowercase, with no spaces and no special characters.

  5. Credential Name – Enter a user-friendly name for this credential.

  6. Password – Enter the password associated with the certificate previously generated.

  7. Expiry Date (DD-MM-YYYY) – This will automatically populate according to the certificate’s expiry.

    • You can set your own expiry date if you prefer. It must not be in the past or after the certificate’s expiry date.

  8. Import Certificate – Either drag and drop the .pfx part of the certificate or manually upload it using the “browse files” link.

    • If using “browse files” in Windows Explorer, enable “All Files (*.*)” when searching.

    • Only valid certificates can be uploaded.

  9. Select Create.

You can now see your new certificate credential in the Credential Store.

Aiimi Insight Engine – Source Configuration

Now you have a registered application in Azure, backed with a certificate/public key, API permissions applied and an associated private key (.pfx) stored in AIE Control Hub, you can configure a SharePoint source.

  1. Navigate to Aiimi Insight Engine Control Hub.

  2. Click Configurations.

  3. If applying to an existing source, find the existing SharePoint source configuration.

    • The following connectivity steps apply to new source configurations too.

  4. Select Edit on the configuration.

  5. On the Source tab, choose the Connection sub tab.

  6. Client ID – Enter the Application (client) ID of the registered application.

    • You can find this in the Overview on the Azure Portal.

  7. Directory (Tenant) ID – Enter the Directory (tenant) ID for the registered application.

    • You can find this in the Overview on the Azure Portal.

  8. Select Credential – Select the certificate credential associated with the .pfx file.

  9. Select Save.

You are now ready to run a crawl without using ACS authentication.

This guide explains how to set this up with the PnP.PowerShell cmdlet New-PnPAzureCertificate. It generates a self-signed certificate and manifest settings for using SharePoint CSOM (Client Object Model) via app-only application API permissions, as detailed here:

https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azuread

Azure Portal: https://portal.azure.com