Accessing Microsoft 365 tenants

Register the Relativity Collect application to access Microsoft 365. When registering the application, the Microsoft 365 administrator creates a Microsoft Application ID and secret. This ID and secret are used to configure data sources in Collect and provides access to the Office 365 tenants. You can register the application through Azure Portal or by registering the application permissions through the Microsoft App Registration Portal. After registering the application, request administrator consent. From there, it is possible to revoke application access.

This page contains the following information:

Registering the application

Allow Relativity access by first registering the application in Microsoft 365. Register the application permissions through Azure Portal.

Running concurrent collection jobs

Collect supports one active collection job per registered Microsoft 365 Application ID. You can register the Relativity Collect application in Microsoft 365 more than one time and each registration is assigned a unique Application ID. If you are going to be running collections in more than one workspace, consider creating a separate Relativity Collect application registration in Microsoft 365 for each workspace in your Relativity instance.

Registering the Collect application and setting permissions

Register your application permissions through Azure Portal to access tenants.

Start registering your app by following the steps below:

Note: This needs to be done on the client side by an Azure user with sufficient rights.

  1. Open your Azure Portal.
  2. Click More Services.
  3. Search for and select Azure Active Directory.
  4. In the left-navigation menu, click App registrations.
  5. Click New Registration.
    This will open the Register an application page.
  6. Enter an application name in the Name field.
  7. Select Accounts in this organizational directory only as the supported account type.
  8. Enter the redirect URL, http://localhost/, as the sign-on URL.

  9. Click Register.

For more information on registering an application in Azure, see Microsoft's documentation or Microsoft's authentication documentation.

From the app's page, add permissions to the web API. To add permissions, follow the steps below:

  1. Select Manage > Manifest in the left-navigation menu.
  2. Locate the requiredResourceAccess property in the manifest, and add the following inside the square brackets ([]):
    {
        "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
        "resourceAccess": [
            {
                "id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",
                "type": "Role"
            }
        ]
    }
    
  3. Click API Permissions.
  4. Click Add a permission.
  5. Click Microsoft Graph.
  6. Select Application Permissions.
  7. Select the following options from the Application Permissions section: 
    • Calendars. - Read.
    • Contacts. - Read.
    • Files. - Read.All.
    • Mail. - Read.
    • Sites. - Read.All
    • User. - Read.All
  8. Click Add permissions.
  9. Confirm that the Office 365 Exchange Online - full_access_as_app permission is listed.

  10. Click Grant Permission.

Finally, grant Admin consent for the API by following the steps below:

  1. Click the API Permissions tab.
  2. Click Grant admin consent for [tenant].
  3. In the pop-up window, click Accept.

    Notes: If you do not have the ability to grant Admin consent for application permissions, you will need to find an Admin that can consent.

Once clicked, the window will show all permissions granted.

  1. Verify all permissions have been granted.
  2. Click Accept to grant the permissions.
  3. In the left navigation menu, click Certificates & secrets.
  4. Click New client secret.
  5. Enter a description in the Description text box.
  6. Set the expiration time frame to Never.
  7. Click Add.
  8. Click on the clipboard and copy secret to clipboard to paste in your text document.
      Notes: In this step you should copy the secret and save it as you will need it to set up your data sources in Collect. Microsoft will only show this secret this one time, there is no way to recover a secret if it is forgotten or lost.

Make a note of the application ID that Microsoft assigned to the app registration. This ID is also required for setup of data sources in Collect.

Provide your Relativity Admin the Application ID and the Client Secret for setup of Relativity Collect.

Finding Azure credentials

If an application is already created and you need to find the application information to complete the Source Connection step, follow the steps below:

In the Azure Portal,

  1. Click Azure Active Directory.
  2. In the left-navigation menu, click Enterprise applications.
  3. In the list of applications, locate your application by filtering or sorting.
  4. Click your application.
    This will open the application page.
  5. In the left-navigation menu, click Properties.
  6. Copy the Application ID.

Limiting Application Registration access to accounts

Limit the access of Relativity Collect to specific Microsoft user accounts and mailboxes by using the New-ApplicationAccessPolicy Powershell cmdlet. For more information, see Microsoft's documentation.

Revoking Application Access

The application can be revoked from https://portal.azure.com or by using a PowerShell script. For more information, see Microsoft's documentation.

To revoke access from https://portal.azure.com,

  1. Navigate to Enterprise Application.
  2. Click All applications.
  3. Locate your application.
  4. Press the application link.
  5. Press the Delete.

Relativity Collect no longer has access.

Revoking access via Powershell

Revoking access via Powershell can be done using the Remove-MsolServicePrincipal script. See below for an example of retrieving and deleting an application registration using Powershell.

Get-MsolServicePrincipal -AppPrincipalId 19ab8a2e-ccce-4fa8-a9ee-eb16e220d602

    ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled : True
Addresses : {}
AppPrincipalId : 19ab8a2e-ccce-4fa8-a9ee-eb16e220d602
DisplayName : Relativity-Development-Application
ObjectId : 51798fb3-e72c-4373-8c63-6e7d0dd63ad7
ServicePrincipalNames : {19ab8a2e-ccce-4fa8-a9ee-eb16e220d602}
TrustedForDelegation : False    

Remove-MsolServicePrincipal -AppPrincipalId 19ab8a2e-ccce-4fa8-a9ee-eb16e220d602