Article last updated on the 7th of May, 2024.
Contents
1. Downloading WorkPoint Express Installation files
Please go to this article for guidance regarding WorkPoint Express download.
2. Centralized deployment
If you want to deploy WorkPoint Express to multiple users at once see this article for more information.
3. Locating WorkPoint Solution ID
Your WorkPoint Solution ID is a collection of configuration settings for WorkPoint Express.
Providing the Solution ID is a required step when installing WorkPoint Express. Therefore, being able to locate the Solution ID is important. The following steps describe how to locate the Solution ID.
- In the WorkPoint Administration, under "Get started with WorkPoint Express, click the "here" link.
- In the "WorkPoint Express" page, you will find the Solution ID for your solution. This is the Solution ID which is required for installing WorkPoint Express and should either be written down or copied to the clipboard for use in the installation wizard.
4. Installing WorkPoint Express
The following section describes how to install WorkPoint Express once.
Once you have downloaded the installation file, open it to run the WorkPoint Express installation wizard.
- In the welcome step, click "Next".
- In the WorkPoint Solution ID step, enter the Solution ID into the text field.
- Click "Next".
- Select which Office applications WorkPoint Express should be installed to. In deselected applications you will not be able to use WorkPoint Express.
- Click "Next".
- In the "Ready to install the Program" step, click "Install". If prompted by the Windows operating system, click "Yes" to allow the installation.
- When the installation is complete, click the "Finish" button.
5. Providing consents for WorkPoint Express functionality
Consents only need to be granted once. As consents are given on behalf of your organization, it is required that the person granting consent has the Global Admin role in Office 365.
For all aspects and functions of WorkPoint Express to work properly, the necessary consent(s) for your use case need to be granted:
WorkPoint Express (WorkPoint 365)
This consent is required if using WorkPoint Express up against a WorkPoint 365 solution. This consent requires prior consent to the WorkPoint 365 Web API.
WorkPoint Express (WorkPoint 365 + Email Manager)
This consent is required if using WorkPoint Express up against WorkPoint 365 and Email Manager 365. This consent requires prior consent to the WorkPoint 365 Web API and the WorkPoint EMM API.
WorkPoint Express (SharePoint Online)
This consent is required if using WorkPoint Express up against SharePoint Online without a WorkPoint 365 solution. This consent requires no prior consents.
When granting permissions for WorkPoint Express it will ask for a set of Delegated permissions.
Delegated permissions are granted to applications that act on behalf of a user. They are used when an application needs to interact with SharePoint Online resources within the context of a specific user. Delegated permissions allow users to authorize applications to access their SharePoint Online data while maintaining control over the level of access granted. These permissions are commonly used by applications that integrate with SharePoint Online, such as third-party tools or custom-built solutions.
The main difference between Application permissions and Delegated permissions lies in the context of access. Application permissions operate independently of any specific user, while Delegated permissions act on behalf of a user with their explicit consent.
To work properly, WorkPoint Express requires the following delegated permissions:
Delegated permissions | Claim value | Description |
---|---|---|
Read and write items in all site collections | AllSites.Write |
Allows the app to create, read, update, and delete documents and items stored in SharePoint. This is key functionality for WorkPoint Express. |
Read all groups |
Group.Read.All |
Allows the app to read information about all groups in SharePoint Online. |
Read directory data |
Directory.Read.All |
Grants the app the ability to read information from the Entra ID associated with the SharePoint Online tenant. |
Sign-in and read user profiles |
User.Read |
Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. |
Read items in all site collections |
Sites.Read.All |
Allows the application to read documents and list items in all site collections on behalf of the signed-in user. |
Access WorkPoint365 Web API (basic) (WorkPoint365.WebAPI) |
user_impersonation_basic |
Provides access to the basic features of the WorkPoint365 Web API, allowing the app to interact with WorkPoint365-specific functionality. |
Regarding data privacy and access, it is important to note that the permissions granted to an application, including the specific permissions mentioned in the previous section, are designed to define the scope of access for that application within the SharePoint Online environment. While the permissions granted to the app allow it to interact with user data, it is crucial to understand that these permissions do not automatically grant access to WorkPoint employees or any other external parties.
Microsoft has implemented robust security measures to protect user data within SharePoint Online. The permissions framework ensures that the app can only access the data it has been explicitly granted access to, either through user consent (delegated permissions) or system configuration (application permissions). WorkPoint employees or any other third parties do not have direct access to user data solely based on the permissions granted to the app.
Please note that you can always review or remove the permissions granted to WorkPoint Express from your organization’s Entra ID.
You can grant the WorkPoint Express consents using the following links in your web browser.
Note that you need to substitute [TENANT NAME] in the links with the name of your Microsoft 365 tenant.
WorkPoint Express (WorkPoint 365) This consent requires prior consent to the WorkPoint 365 Web API:
https://login.microsoftonline.com/[TENANT NAME].onmicrosoft.com/v2.0/adminConsent?client_id=9fee23e0-db6c-4998-9802-38ec7baf7869&scope=.default&redirect_uri=https://workpoint365.com
WorkPoint Express (WorkPoint 365 + Email Manager) This consent requires prior consent to the WorkPoint 365 Web API and the WorkPoint EMM API:
https://login.microsoftonline.com/[TENANT NAME].onmicrosoft.com/v2.0/adminconsent?client_id=9fee23e0-db6c-4998-9802-38ec7baf7869&scope=Directory.Read.All%20Group.Read.All%20Sites.Read.All%20User.Read%20https://microsoft.sharepoint-df.com/AllSites.Write%20https://workpoint365.dk/WorkPoint365.WebAPI/user_impersonation%20https://workpoint365.com/EMM365.WebAPI/user_impersonation&redirect_uri=https://workpoint365.com
WorkPoint Express (SharePoint Online):
https://login.microsoftonline.com/[TENANT NAME].onmicrosoft.com/v2.0/adminconsent?client_id=9fee23e0-db6c-4998-9802-38ec7baf7869&scope=Directory.Read.All%20Group.Read.All%20Sites.Read.All%20User.Read%20https://microsoft.sharepoint-df.com/AllSites.Write&redirect_uri=https://workpoint365.com
Opening the consent links should take you to a login dialogue (here exemplified with the WorkPoint Express (WorkPoint 365) consent:
- Select an account or type in your Office 365 credentials to proceed.
- You can click the arrows to expand or collapse the information about what you grant consent to.
- Once you have read and understood what you consent to, click the "Next" button.
Next, you need to consent to grant the following permissions:
6. Adding solution to WorkPoint Express
Once WorkPoint Express is installed and running, you can add solutions to it.
The following steps describe how to add solutions to WorkPoint Express.
- In WorkPoint Express, click the "Menu" icon.
- In the menu, click "Settings...".
- In the "Sites" tab of the WorkPoint Express settings, click "Add" to add a solution.
In the "Add Site" window, you can add various types of solutions to WorkPoint Express. Depending on which type you select, you will be prompted to provide more information, such as site url, a user friendly name for the solution, etc.
6.1. Adding solutions common to groups
In some cases, you might want to allow a group of users to have access to certain WorkPoint or SharePoint sites, which others do not have access to. An example could be if an organization has two WorkPoint solutions, but one of them is only relevant to a few select people.
In this case, it is possible to define a Local- or an Entra ID group and make sites available to the members of that group.
For demonstration purposes, we will show how to set up a WorkPoint site specifically accessible to the members of an Entra ID group.
Note that this demonstration does not cover how to set up local- or Entra ID groups.
We begin by setting up the "Azure" settings in WorkPoint Express:
- In WorkPoint Express, click the "Menu" icon.
- In the pop-up menu, click "Settings".
- In the WorkPoint Express settings, open the "System" tab.
- In the System tab, open the "Miscellaneous" tab.
- In the "Azure" section of the Miscellaneous tab, input either the Primary Domain of your tenant, or your Tenant ID.
Both the primary domain and your tenant ID can be found by logging into the Entra ID portal at https://entra.microsoft.com/, as shown in the following image:
This process is done so that WorkPoint Express knows where to look for your Entra ID groups.
Next, we add the site to WorkPoint Express which needs to be accessible only to a specific Entra ID group:
- In the WorkPoint Express settings, on the "Sites" tab, we click the "Show sites common for all users" checker.
- Next, we click the "Add" button.
If you cannot enable the "Show sites common for all users" checker, ensure that you are member of the group set in the "Access Control" tab inside the "System" tab.
- Fill in all necessary information for your WorkPoint or SharePoint site.
- In the "Filter by" section, click the binoculars icon.
- If you have performed step 31 in this guide, you have two options; you can either search for groups locally, or in your Entra ID. If you did not perform step 31, you will not see this option, and whatever search query you use will search through your local Entra ID groups.
Note that nested groups are not supported in pt. 36.
We can now perform a search for the group which members should be able to see the site we are configuring in WorkPoint Express:
- In this example we search for "OneProAM 01".
- We select the group in the search results.
- To accept the selection, we click the "OK" button.
The group has now been added to the site configuration:
- You can remove the group from the site configuration by clicking the "X".
- To complete the configuration, we click the "OK" button.
At this point, you will be prompted to log in to the site you are adding to WorkPoint Express. After successful log in, the site now appears in the list of sites in WorkPoint Express:
Note that we are currently still in the "Show sites common for all users" mode. Any site listed here will only be accessible to members of the groups specified for the sites.
Comments
0 comments
Please sign in to leave a comment.