Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

unable to browse the website on iis server for sharePoint integration

pinky_chauhan
New Contributor III
New Contributor III

Hi,

We are integrating saviynt with Sharepoint using 0365 connector and we are following the document Creating an Integration (saviyntcloud.com) but when i am trying to browse website its throwing below error:-

pinky_chauhan_1-1727339145893.png

SSL certificate is also binded with the site.

pinky_chauhan_2-1727339307156.png

This is the web.config we are using.ClientId and ClientSecret is of Azure AD application.We have only access to one particular site thats why given that in Siteurl.

pinky_chauhan_3-1727339625213.png

Please help.

 

 

 

 

17 REPLIES 17

rushikeshvartak
All-Star
All-Star

1. Verify SSL Certificate

  • Ensure that the SSL certificate is properly installed and is valid for the domain you're trying to access. You can use tools like SSL Labs to check the SSL configuration of your site.

2. Web.config Settings

  • Double-check the entries in your web.config file, especially the <appSettings> section. Make sure the ClientId, ClientSecret, and SiteUrl are correctly configured. The format for the SiteUrl should typically be:
     
     
    https://<yourtenant>.sharepoint.com/sites/<yoursite>
  • Ensure that there are no trailing slashes or typos in the URLs.

3. Azure AD Application Permissions

  • Make sure that the Azure AD application has the necessary permissions to access the SharePoint site. Typically, you'll need to grant permissions like Sites.Read.All or Sites.FullControl.All, depending on your needs.
  • After setting permissions, ensure that you have consented to the permissions for the application.

4. Authentication Issues

  • If you’re receiving an error related to authentication, verify that the ClientId and ClientSecret are correct and that the application is registered properly in Azure AD.
  • Ensure that your Azure AD application is set to allow public client flows if you’re using any user-delegated permissions.

5. Check for Specific Error Codes

  • The error image you referenced might provide specific error codes or messages. If it's a common issue, searching for the exact error message or code can yield specific solutions.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

hi @rushikeshvartak I’m encountering the same issue as described in the post O365 Connector on IIS - Saviynt Forums - 74993. Even after running the access job, I’m still getting the same error mentioned in the forum. Could you please let me know what solution was provided for this issue

pinky_chauhan_0-1727418479567.png

 

 

  • Does original issue resolved ?
  • Share import config for new issue ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pinky_chauhan
New Contributor III
New Contributor III

Hi @rushikeshvartak No, the original issue was not resolved, but according to Darshan Jain's comment on the O365 Connector on IIS - Saviynt Forums - 74993 below error message is expected.

pinky_chauhan_0-1727684311406.png

I am now able to successfully run the account job. However, when running the access job, I encountered the error Failed-url-/api/GetSiteCollections, apiRequestDetails-{"environment":"Online"}, Error-no protocol: /api/GetSiteCollections .

This issue was resolved by updating the SAVIYNT_CONNECTOR_DOMAIN in connection but I am still unable to fully validate the access import job as the client has updated the Azure secret value, and I am waiting for them to provide the new one. Once I have that, I will proceed with validating the access job

 

pinky_chauhan_1-1727684534910.png

 

pinky_chauhan
New Contributor III
New Contributor III

hi @rushikeshvartak i am getting below error while running the access import job.

pinky_chauhan_0-1727878140003.png

pinky_chauhan_2-1727878504850.png

 

 

 

Is it working from postman ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

hi @rushikeshvartak No, I tried using both the access token from the SharePoint principal and Azure AD, but I'm getting the same error.

pinky_chauhan_0-1727938625272.png

 

hi @rushikeshvartak We have opened port 8443 to connect to the Windows server, where the IIS server and the O365 agent are installed, from the Saviynt SC 2.0 server. After running the access import job again, we are encountering the following error

Exception in callRestWebService - Webservice call failed : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

pinky_chauhan
New Contributor III
New Contributor III

The access import job is now completing successfully after uploading the certificate in Saviynt's certificate management and selecting it in the connection. However, no entitlements are being retrieved from SharePoint.

pinky_chauhan_0-1728040867453.png

pinky_chauhan_0-1728044627570.png

and some error in logs.

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak using classic integration while running access import job ,job is getting successful but no entitlements are coming and in saviynt logs getting below error:-

"groovy.sql.Sql.commit Commit operation not supported when using datasets unless using withTransaction or cacheConnection - attempt to commit ignored"(attached-SharePoint with commit error.txt)

and using design application onboarding integration getting 403 error and access import job is getting failed with the error:-

Failed url-https://*.*.*.*:****/api/GetSiteCollections, apiRequestDetails-{"environment":"Online"} with Error-"Saviynt O365 Connector WebException: The remote server returned an error: (403) Forbidden."(attached-SharePoint Test with 403 error.txt)

using the azure ad access token getting below:-

pinky_chauhan_0-1728491907892.png

For Azure AD app we have Sites.ReadWrite.All permissions under Microsoft graph with admin consent.

Below is the connection configuration: -

pinky_chauhan_2-1728492318146.png

pinky_chauhan_3-1728492419249.png

pinky_chauhan_5-1728492494042.png

 

 

 

 

 

 

 

 

You have missing access. Please work with team and get required access


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak We have followed all the steps outlined in the Creating an Integration (saviyntcloud.com) and granted all the necessary permissions. For the Azure AD app, we have assigned the following permissions, and for the SharePoint service principal, we have provided tenant-level permission with full control. Could you please assist in identifying if any specific permissions might have been missed?

pinky_chauhan_0-1728547736986.png

 

Please check with Azure Team on required access


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

pinky_chauhan
New Contributor III
New Contributor III

Hi @rushikeshvartak The Azure AD team doesn't have detailed information on the specific site permissions needed for Saviynt to access SharePoint Online. We've already assigned Sites.FullControl.All with admin consent but are still encountering an access denied error.

pinky_chauhan_0-1729236171169.png

 

Azure AD permissions:-

pinky_chauhan_1-1729236228981.png

when we are validating from rest graph api we are able to get all site,list,file,folder informations but when we are running https://graph.microsoft.com/v1.0/sites/{site-id}/permissions we are getting below response(no data is coming even after sites.FullControl.All permission) .

 

Please raise support ticket for further troubleshooting support agent may help


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

The issue was resolved by reinstalling the O365 agent provided by the Saviynt team from a functioning O365 agent