This section describes how to set up Office 365 review by configuring the remote site settings, Azure app, and Office 365 settings. 

Prerequisites

  • You have subscribed to Microsoft Office 365 E3 or E5.
  • Azure Client ID, Client Secret, and Active Directory are available. Contact your IT administrator to get these.
  • Users are allowed to use Office 365. For more information, see Prerequisites for Parallel Review.
  • A SharePoint site with external sharing settings is configured to enable sharing agreement documents with external stakeholders. For more information, Overview of external sharing in SharePoint and OneDrive in Microsoft 365 (Microsoft Documentation).
  • To use site.selected permission, there is a pre-configuration needed from SharePoint admin where Azure app should be given the right access to the configured SharePoint site. For more information, see Develop Applications that use SitesSelected permissions for SPO sites.

  • The following email templates are configured according to your Office 365 review requirement:

    • Agreement Office365 External Review Notification
    • Agreement Office365 Internal Review Notification
    • End Review Office 365
    • Office365 Review Cycle Cancel Notification
  • The following comply system properties are configured:

    • Enable Parallel Review

    • XAJS End Point 

    • Enable Document Versioning

  • The following admin entries are configured:
    • APTS_Protection
    • APTS_Password
    • APTS_RetainFileNameForParallelReviewMergedDocument

Restriction

Users can end Office 365 review via email when you configure application permission flow but not delegated permission flow.

To configure remote site settings 

  1. Go to Setup > Security > Remote Site Settings.
  2. Click New Remote Site.
  3. Enter the remote site name.
  4. Enter https://login.microsoftonline.com/ in the Remote Site URL field for the Office 365 login.
  5. Select the Active checkbox.
  6. Click Save & New.
  7. Enter the remote site name.
  8. Enter https://graph.microsoft.com/ in the Remote Site URL field for the MS Graph URL.
  9. Select the Active checkbox.
  10. Click Save & New.
  11. Enter the remote site name.

  12. Enter a remote site URL in the Remote Site URL field for the SharePoint URL.

    The SharePoint URL is specific to your domain and Microsoft license. 

  13. Select the Active checkbox.
  14. Click Save.

To collect the Azure client ID and client secret from the Azure portal

  1. Log in to the Azure portal as an administrator.

  2. Select Azure Active Directory.

  3. Select App registrations.

  4. Select New registration and enter Conga CLM Application.

  5. Click Register.

  6. From the left navigation bar, select Overview.
  7. Copy the Application (Client) ID.
  8. From the left navigation bar, select Certificates & secrets.
  9. Click New client secret
  10. Add a description, select the validity duration, and select Add.
  11. Copy the value.

Configure one of the following flows in the Azure app

To configure delegated permission flow

  1. In the authentication tab from the Azure app that you had created in the previous configuration, add a URI with the org's instance URL and with the suffix as /apex/apttus__MSAuthorize appended.
    Sample value: https://test–tbox.my.salesforce.com/apex/apttus__MSAuthorize
  2. Select API permission under API Permission > Add permission > Microsoft Graph > Delegated Permission.
  3. Provide the following permissions for Microsoft Graph APIs:
    • User.ReadBasic.All

    • Directory.Read.All

    • Files.ReadWrite.All

    • Sites.Read.All

      Note

      If you want to use more restricted Microsoft permission for delegated flow, then configure the below permissions:

      • Directory.Read.All
      • Sites.Read.All


  4. On the API Permissions page, click Grant admin consent for the permissions where "Admin consent required" is "Yes".

To configure application permission flow

  1. Select API permission under API Permission > Add permission > Microsoft Graph > Application Permission.
  2. Provide the following permissions for Microsoft Graph APIs:
    • Directory.Read.All
    • Files.ReadWrite.All
    • Sites.Read.All
    • Sites.Selected

      Note

      If you want to use more restricted Microsoft permission for application flow, then configure below permissions:

      If SharePoint Site is usedIf SharePoint Site is not used

      Directory.Read.All

      Directory.Read.All

      Sites.Read.AllSites.Read.All
      Sites.Selected
  3. On the API Permissions page, click Grant admin consent for the permissions where "Admin consent required" is "Yes".

To configure a specific SharePoint site (Optional)

Create a SharePoint Communication Site. For more information, see Create a Site in SharePoint (Microsoft documentation).

You must use the site name from the URI as shown in the screenshot when you are configuring SharePoint Site Office 365 Setting in CLM.

To configure the Office 365 custom settings

Restriction

You can add multiple Office 365 settings but can activate only one Office 365 setting at a time.

  1. Click the App Launcher () icon in the upper left-hand corner of the Home screen.
  2. From the App Launcher, search and select Office 365 Settings.
  3. Click New.
  4. Enter the following details to connect to Office 365:

    1. Name: Office365

    2. MS Login URL: Enter the Office 365 login URL to connect to the service. To find Tenand Id, see How to find your Azure Active Directory tenant ID.
      Sample valuehttps://login.microsoftonline.com/<TenantID>/oauth2/v2.0/

    3. MS Graph URL: Enter the Office 365 URL to connect to the service. 
      Value: https://graph.microsoft.com/v1.0/

    4. Scope: Enter the scope to be used in the Office 365 Graph API.

      Make sure your values match those of the configured authentication flow.


      For application flow (Permit Delegation is disabled in the Office 365 setting): https://graph.microsoft.com/.default
      For delegated flow (Permit Delegation is enabled in the Office 365 setting):
      offline_access Files.ReadWrite.All

    5. Client Id: Enter the client ID. (Refer to step 7 in the previous configuration)
      Sample value: 8m7r4**d-****-4c**-b4d8-e4a6b***79b

    6. Client Secret: Enter the client secret. (Refer to step 11 in the previous configuration)
      Sample value: taiLWUY*****38&7B%400$5234c***UY%

    7. Show Client Secret: Select the checkbox to expose the Client Secret field value.

    8. SharePoint Site: Enter the Microsoft SharePoint Site you use for Office 365 review. (Ensure you do not enter the site URL. For more information, see SharePoint Site Configuration.)
      Sample value: CLMsite

      If no SharePoint site is configured then the system uses the organization's default site.

    9. Folder Path: Enter the folder path to upload documents to SharePoint.
      Sample value: ContractDocuments

      If the folder path is blank, the system creates a folder named "Conga CLM Temp Folder" to store the documents to be reviewed.

    10. Permit Delegation: After you log in to Microsoft, select the Permit Delegation checkbox, enabling users to grant delegate access.

      Select the Permit Delegation checkbox only if you configured your Azure app for delegated flow.

    11. Allow Accept/Reject from Third Party: Select the checkbox to allow external reviewers to accept or reject changes in the documents sent to them for review.
    12. Active: Select the Active checkbox to activate the Office 365 setting.
  5. Click Test Connection to check if all the entered values are correct.
  6. Click Save.