OneDrive

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: OneDrive, AWS S3, Google Drive, SharePoint, etc.

Connecting OneDrive Data Source

1. Login to your LightBeam Instance.

2. Click on DATASOURCES on the Top Navigation Bar.

3. Click on “Add a data source”.

1. Search for “OneDrive”.

1. Click on OneDrive.

1. Fill in the requested information and click on Next.

Basic Information

• Data Source Name: This is the unique name given to the data source.

• Description: This is an optional field needed to describe the use of this data source.

• Primary Owner: An email address of who is responsible for this data source and in case of alerts this email ID will get alerts by default.

• Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called as entities. Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.

• Source of Truth: LightBeam Spectra would have monitored data sources that contain data acting as a single point of truth and that can be used for looking up entities/attributes which help to identify if the other attributes/entities found in any other data source are accurate or not. A Source of Truth data set would create entities based on the attributes found in the data.

• Location: The location of the data source is indicated here.

• Purpose: The purpose of why the data is being collected/processed.

• Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

Datasource Configuration

Add your organisation’s domains (e.g. @company.com, @company.ai, etc). You can add more than 1 domain separated by comma. All members within these domains will be considered as internal members. Any communication with members outside with domain will be marked as external.

Follow the steps below to set up your data source.

1. Credentials:

   • Client Id: Input the unique identifier designated to your application or service.

   • Client Secret value: Enter the confidential passphrase or token associated with your client ID.

2. Additional Configuration:

   • Scan Data: Specify how frequently you want the system to perform scans.

   • Tenant Id: Provide the identifier that segregates data in multi-tenant systems.

   • Status: Toggle this to set the operational status of the data source. "Active" indicates it's ready for use.

3. Verify Connection:

   • Once the above details are filled out, click on Test Connection to ensure that the configuration is correct and the system can connect using the provided details.

1. Once you get the message “Connection Success” on the screen, click on Next.

2. In this step, you can choose

   1. Domain which you want to scan for: This is optional field where you specify the domain name which you want to scan from total detected domains.

   2. Select Drive(s) for scanning: Email address of drives which you want include or exclude from scanning.

1. Click on Save.

Now we are ready to browse through the onboarded OneDrive datasource dashboard.

Appendix

Steps to Generate OneDrive Data Source Credentials

2. Click on Portal.

1. Click on the Search box on the Top Navigation bar. Type and search “App Registrations”.

2. Click on App Registrations.

1. Click on New Registration. This will show the screen as seen in Fig.8.

Add details as shown below and click on Register.

Make sure that the redirect URL is as follows:

https://login.microsoftonline.com/common/oauth2/nativeclient

1. Click on Certificates and secrets.

2. Click on New client secret.

3. Fill in the client secret value in the Description and Expires fields.

4. Click on Add.

1. Copy the Client Secret Value and keep it secure for future use as you will not be able to retrieve it later.

Example: x_sWncr4m~.2lFeKlWR1pu3SgT42lg.254

1. Configure API Permissions.

Click API permissions -> Add a permission -> Microsoft Graph -> Application permissions -> Add following permissions

Then add the following permissions:

Domain.Read.All
Directory.Read.All 
Files.Read.All 
User.Read.All 
GroupMember.Read.All 
AccessReview.Read.All 

1. Once permissions are added, click on Grant admin consent for “Lightbeam.ai.”

Once the permissions are added, your application is ready to register.

Click on Overview and get the Application Client Id and the Directory Tenant Id.

With this, we have all the required configuration parameters like Client ID, Client Secret value, Tenant ID, and Delegated Credentials (User Email ID) to onboard the OneDrive datasource to LightBeam.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.