SharePoint
Connecting SharePoint to LightBeam
Overview
LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.
Example: SharePoint, OneDrive, AWS S3, Google Drive, etc.
Connecting SharePoint Data Source
Log in to your LightBeam Instance.
Click on DATASOURCES on the Top Navigation Bar.
Click on Add a Data Source.
Search for “SharePoint”.
Click on SharePoint.
Fill in the details as shown below and click on Next:
Basic Information
Data Source Name: This is the unique name given to the data source.
Description: This is an optional field needed to describe the use of this data source.
Primary Owner: Email address of the person responsible for this data source. In case of alerts, this email ID will get alerts by default.
Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called entities.
Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.
Source of Truth: LightBeam Spectra would have monitored data sources that contain data acting as a single point of truth and that can be used for looking up entities/attributes which help to identify if the other attributes entities found in any other data source are accurate or not.
A Source of Truth data set would create entities based on the attributes found in the data.
Location: The location of the data source.
Purpose: The purpose of the data being collected/processed.
Stage: The stage of the data source.
Example: Source, Processing, Archival, etc.
Datasource Configuration
Provide the credentials as shown below and click on Test Connection.
Connection Details
Client Id: It refers to the unique identifier assigned to the Azure portal application that is used for integrating LightBeam with the SharePoint data source. It is generated when you register an application in the Azure portal.
Client Secret value: It is a confidential key or password associated with the Azure portal application. It is used to authenticate and authorize the application when accessing SharePoint resources. The Client Secret value is generated when you create a new client secret in the Azure portal.
Scan Data: It refers to a configuration setting that determines the frequency at which the data from the SharePoint data source is scanned or updated. In this case, it is mentioned as "10 Minutes," indicating that the data will be scanned or updated every 10 minutes.
Tenant Id: It is a unique identifier assigned to the Azure Active Directory (AAD) tenant associated with the organization. It represents the organization's directory or identity store in Azure AD. The Tenant Id is obtained from the Azure portal.
Status: It indicates if the current state of the integration between LightBeam and the SharePoint data source is currently active or inactive.
Verify that you get the message “Connection Success!”. Click on Next.
In this step, you can choose :
Scan all sites
Scan selected sites
Add sites under inclusion or exclusion list.
Click on Save.
Appendix
Steps to Generate SharePoint Data Source Credentials
Log in to https://azure.microsoft.com/en-gb/
Click on Portal.
Click on the Search box on the top navigation bar. Type and search “App Registrations”.
Click on App Registrations.
Click on New Registration. Add details as shown below and click Register.
Click on Certificates and secrets.
Click on New client secret.
Fill in the client secret details in the Description and Expires fields.
Click on Add.
Copy the Client Secret value and keep it secure for future use as you will not be able to retrieve it later.
Example: x_sWncr4m~.2lFeKlWR1pu3SgT42lg.254
Configure API Permissions.
Click API permissions -> Add a permission -> Microsoft Graph -> Application permissions -> Add following permissions.
AccessReview.Read.All -> To get file sharing list of file
Domain.Read.All -> To get list of all organization domains
GroupMember.Read.All -> To get list of all members of groups
Sites.Read.All -> Here we have provided sites selected permission
User.Read -> Default permission enabled for any app
User.Read.All -> This is required for test connection on LightBeam.Once permission is added, click on Grant admin consent for Lightbeam.ai.
Once the permissions are added, your application is ready to register.
Click on Overview and get Application Client Id and Directory Tenant Id.
With this now we have all the required configuration parameters like Client ID, Client Secret value, Tenant ID, and Delegated credentials (User Email ID) to onboard the OneDrive datasource to LightBeam.
SUCCESS TIP: We recommend creating a dedicated Azure portal application specifically for integrating LightBeam with the Sharepoint data source. This application should be exclusively used for this purpose and not shared or repurposed for any other clients or applications. By doing so, you ensure secure and efficient access control, as well as maintain proper management of the LightBeam-Sharepoint connection.
About LightBeam
LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.
For any questions or suggestions, please get in touch with us at: [email protected].
Last updated