Office 365
  • 09 Mar 2023
  • 4 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

Office 365

  • Dark
    Light
  • PDF

Article summary

The steps below need to be followed to prepare your Office 365 business account to be Cirrus ready. We recommend that this is done by someone with an IT role/background.

Prerequisite

  • Minimum 1 Microsoft 365 Business Basic license (includes Word, Excel, SharePoint and OneDrive)
  • Full Administrative access to the Microsoft 365 Business account
  • Closely following the steps or Microsoft Azure/Office 365 expertise.
  • Share permission for sharepoint should be set on 'Anyone'

Glossary

Microsoft's product branding strategy can easily lead to confusion so we list some important product names here:

  • Office365 - Microsoft's online hosted / cloud version of Office; covers Word/Excel, SharePoint, OneDrive, ...
  • Word/Excel - No confusion here but note only a browser is needed to use the Office365 versions (so Word or Excel do not have to be installed).
  • SharePoint - Delivers the online version of Word/Excel
  • OneDrive - Contains the files used by the online version of Word/Excel
  • Azure - Microsoft's Cloud hosting Office365. Office365 administrators use the Azure Portal, note Microsoft Azure in the screenshots below.
  • Azure AD / AAD / ActiveDirectory - The cloud version of ActiveDirectory containing the users, roles and permissions.
  • MS Graph - The latest REST API to let systems like Cirrus talk to Office365.

Register application in AzureAD

1. Sign in to Microsoft Application Registration Portal with your MS admin account.

2. Click “New registration”

Screenshot 2021-07-22 at 15.53.17.png

3. Enter the name for an application, e.g. “Cirrus Office365 Integration”

4. Select “Accounts in this organizational directory only (Default AzureAD directory - Single tenant)”

5. Click “Register”

Screenshot 2021-07-22 at 15.53.59.png

6. Copy “Application (client) ID” and “Directory (tenant) ID” and save somewhere

Screenshot 2021-07-22 at 15.56.24.png

7. Go to “Certificates & secrets” and click “New client secret”

Screenshot 2021-07-22 at 15.56.53.png

8. In the opened dialog write any description and select an expire period in “Expires” dropdown.

Then click “Add”
Screenshot 2022-02-11 at 13.31.15.png{height="" width=""}
#### 9. Copy generated client secret and save somewhere
Screenshot 2021-07-22 at 15.58.05.png

10. Go to “API permissions” and click “Add a permission”

Screenshot 2021-07-22 at 15.59.01.png

11. In the opened sidebar select “Microsoft Graph”

Screenshot 2021-07-22 at 16.00.05.png

12. Select “Application permissions” and add two permissions “User.Read.All”, “Files.ReadWrite.All”

You can use the search in the list below.

Screenshot 2021-07-27 at 13.21.32.png

13. Click “Grant admin consent”

Screenshot 2021-07-27 at 13.22.02.png

14. Check "Roles and Administrators"

This should be either "Cloud application administrator" or a custom role with permissions to read all users and read/write any file or folder used with Cirrus.

Custom role requires Azure/Office365 expertise

We cannot support setting up custom roles so please ensure you involve experts with the required expertise when chosing this custom option.

image.png

Setting Up integration in Cirrus

  1. Admin > Global settings > Tab 'Connected accounts'
  2. Fill the data from AzureAd application:
    Application (client) ID” > Created in step 6
    Directory (tenant) ID” > Created in step 6
    Client secret”, > Created in step 9
    Service account user name” > (The MS account from the same organization with Office365 licence).
Do not revoke after going live!!!

When revoking after it has been used Cirrus loses the link to all existing data (!) candidate answers, created questions, etc...!

Check status of connecting O365 business account with Cirrus

  • Login Microsoft Azure
  • In search field enter “active”
    Screenshot 2021-07-27 at 13.22.58.png
    In search field enter “active”.

Screenshot 2021-07-27 at 13.23.26.png

  • Choose Azure Active Directory
    Open Sign-ins> Service principal sign-ins. You can see status of the connection there.

TROUBLESHOOTING

Error handling

Cirrus provides a detailed error message on:

  • Admin setup O365 integratoins
  • Candidate delivery
  • Creating items
  • Marking scripts
    Screenshot 2022-11-17 at 11.04.24.png

Common Errors

  • The operation failed bacause sharing has been disable on this site
    Please go to office.com > admin > search on 'sharing'. When clicking on the right side the sharing options appears and you can click on: "You can also change the external sharing settings for ‎SharePoint‎."
    Make sure it's been shared with anyone

  • The resource could not be found
    This error could be caused by different reason:

    • The office file is been removed from the one drive.
    • The integration user account has been changed and connection was lost with the old questionconnection.
  • This link has been disabled
    This could be shown from a marker perspective or when viewing the already marked scripts in reports.
    This is related to the sharing permisson, please see error message: "The operation failed bacause sharing has been disable on this site"

Screenshot 2022-11-17 at 11.22.34.png

  • Unable to retrieve user's mysite URL (failed to register applciation
    The error is possibly caused because the user does not have ODFB(OneDrive For Business) site created, you can check if the user have create OneDrive site (the OneDrive site will be created while the user first time to use it)

Setup integration checklist

Screenshot 2022-08-19 at 10.01.50.png


Was this article helpful?