What is it?
New StreamBIM Pro projects can be configured to automatically synchronize folders and files from a customer's Sharepoint site on Office365. The sync is one-way from Sharepoint to StreamBIM. Sharepoint hosted internally by the customer is not supported.
NB! "Old" projects, meaning projects with lots of folders and drawings that have been manually uploaded and labelled, require a manual cleanup job AFTER automatic sync has been enabled.
What do you have to tell us to get started?
- Your Office365 tenant ID. Here is one way to find it: https://support.office.com/en-us/article/find-your-office-365-tenant-id-6891b561-a52d-4ade-9f39-b492285e2c9b
- Sync user. On the customer's Office365 account we need a user account that has read access to the drive or folder to be able to synchronize it's content. We need the username and password for this user account.
- Sharepoint site (eg yourcompany.sharepoint.com).
- Sharepoint drive name (or a Drive for Business drive name).
- Optional: Sharepoint group name. If a group name is not provided the root of the site will be used.
- Optional: Sharepoint folder. If a folder name is not provided the root folder of the drive will be synchronized.
Items 1 and 2 can only be provided by an Office365 administrator. Items 3..6 can be obtained by anyone with read access just by navigating to the correct drive or folder and sending the URL to us.
How does it work?
- StreamBIM pulls folders and files from a specific location on a Sharepoint site (or Drive for Business folder). There is nothing to install or run on the Office 365 side.
- StreamBIM uses the secure Microsoft Graph API to authenticate with and fetch content from Office 365. See https://developer.microsoft.com/en-us/graph/docs/concepts/overview for more details.
- StreamBIM uses the secure OAuth2 3-legged authentication flow to gain read-access to specific folders on Office 365 as a specific user. See https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow for a (quite technical) explanation. Summarized:
- Rendra has registered StreamBIM as an Office 365 application. It means our server can identify itself as StreamBIM, and Azure ActiveDirectory knows how to send credentials and error messages to the StreamBIM server.
- The customer’s Office 365 administrator creates a new user account, eg “rendrasync”, on the customer Office 365 tenant with minimal privileges typically read-only access to specific Sharepoint sites or libraries.
- Rendra starts the first sync manually. This routes us to the Office 365 login screen where we have to login as “rendrasync” and click Yes when Office 365 asks if we want to grant StreamBIM read access to folders and documents. Office 365 creates credentials (a refresh token) that gives StreamBIM – and no one else – access to SharePoint content as user “rendrasync” - and no one else - and sends the credentials to the StreamBIM server.
- StreamBIM uses the credentials to login and perform automated synchronization of folders and files from SharePoint / Drive.
- The customer can revoke the StreamBIM credentials at any time, stopping further access.