Office 365

The steps below need to be followed to prepare your Office 365 business account to be Cirrus ready. We recommend that this is done by someone with an IT role/background.

Prerequisite

• Minimum 1 Microsoft 365 Business Basic license (includes Word, Excel, SharePoint and OneDrive)
• Full Administrative access to the Microsoft 365 Business account
• Closely following the steps or Microsoft Azure/Office 365 expertise.
• Share permission for sharepoint should be set on 'Anyone'

Glossary

Microsoft's product branding strategy can easily lead to confusion so we list some important product names here:

• Office365 - Microsoft's online hosted / cloud version of Office; covers Word/Excel, SharePoint, OneDrive, ...
• Word/Excel - No confusion here but note only a browser is needed to use the Office365 versions (so Word or Excel do not have to be installed).
• SharePoint - Delivers the online version of Word/Excel
• OneDrive - Contains the files used by the online version of Word/Excel
• Azure - Microsoft's Cloud hosting Office365. Office365 administrators use the Azure Portal, note Microsoft Azure in the screenshots below.
• Azure AD / AAD / ActiveDirectory - The cloud version of ActiveDirectory containing the users, roles and permissions.
• MS Graph - The latest REST API to let systems like Cirrus talk to Office365.

Register application in AzureAD

1. Sign in to Microsoft Application Registration Portal with your MS admin account.

2. Click “New registration”

3. Enter the name for an application, e.g. “Cirrus Office365 Integration”

4. Select “Accounts in this organizational directory only (Default AzureAD directory - Single tenant)”

5. Click “Register”

6. Copy “Application (client) ID” and “Directory (tenant) ID” and save somewhere

7. Go to “Certificates & secrets” and click “New client secret”

8. In the opened dialog write any description and select an expire period in “Expires” dropdown.

Then click “Add”
{height="" width=""}
#### 9. Copy generated client secret and save somewhere

10. Go to “API permissions” and click “Add a permission”

11. In the opened sidebar select “Microsoft Graph”

12. Select “Application permissions” and add two permissions “User.Read.All”, “Files.ReadWrite.All”

You can use the search in the list below.

13. Click “Grant admin consent”

14. Check "Roles and Administrators"

This should be either "Cloud application administrator" or a custom role with permissions to read all users and read/write any file or folder used with Cirrus.

Setting Up integration in Cirrus

1. Admin > Global settings > Tab 'Connected accounts'
2. Fill the data from AzureAd application:
   “Application (client) ID” > Created in step 6
   “Directory (tenant) ID” > Created in step 6
   “Client secret”, > Created in step 9
   “Service account user name” > (The MS account from the same organization with Office365 licence).

Check status of connecting O365 business account with Cirrus

• Login Microsoft Azure
• In search field enter “active”
  
  In search field enter “active”.

• Choose Azure Active Directory
  Open Sign-ins> Service principal sign-ins. You can see status of the connection there.

TROUBLESHOOTING

Error handling

Cirrus provides a detailed error message on:

• Admin setup O365 integratoins
• Candidate delivery
• Creating items
• Marking scripts
  

Common Errors

• The operation failed bacause sharing has been disable on this site
  Please go to office.com > admin > search on 'sharing'. When clicking on the right side the sharing options appears and you can click on: "You can also change the external sharing settings for ‎SharePoint‎."
  Make sure it's been shared with anyone

• The resource could not be found
  This error could be caused by different reason:

  • The office file is been removed from the one drive.
  • The integration user account has been changed and connection was lost with the old questionconnection.

• This link has been disabled
  This could be shown from a marker perspective or when viewing the already marked scripts in reports.
  This is related to the sharing permisson, please see error message: "The operation failed bacause sharing has been disable on this site"

• Unable to retrieve user's mysite URL (failed to register applciation
  The error is possibly caused because the user does not have ODFB(OneDrive For Business) site created, you can check if the user have create OneDrive site (the OneDrive site will be created while the user first time to use it)

Setup integration checklist

• Does the configured user have a Office 365 Business license?
• Does the configured user have the correct permissions? See 14. Check "Roles and Administrators"
• Does the app registration have the correct API permissions? See 12. Select “Application permissions” and add two permissions “User.Read.All”, “Files.ReadWrite.All”
• Are the sharing permissions correctly setup, please make sure 'sharepoint share permission' is set to 'Anyone' See The operation failed bacause sharing has been disable on this site
• As an addition above, in the advanced sharing permissions it's possible to setup an expire date. We advise not to use this