Office 365 Word Integration - Application permission flow

How it works

When you enable the Word 365 online connector, iCasework uses the MS Graph API to enable secure online correspondence editing and management. Correspondence generated by iCasework is initially stored in a SharePoint site associated with an Office 365 Group. Correspondence is edited directly in the browser, or can be downloaded to be edited in an installed Word instance linked to Office 365. Documents are stored on the Office 365 Group site until they are published by the user. They are then saved back into the iCasework system as a read-only PDF, where they can be viewed, printed, attached to an email, or sent for processing through a remote postal API, and are removed from the Office 365 Group site.

How to set up the connector

Setting up the connector involves working in your Office 365 and Microsoft Azure admin portals. You will need permissions to access the screens below in iCasework and in the Office 365 / Azure Portal, and an administrator account may be needed to grant the required permissions.

You will create a SharePoint site and associated Office 365 Group, and an app registration for iCasework correspondence and SSO. All values will be added to the iCasework screens pictured below, where sensitive credentials are encrypted.

  1. Log into https://portal.office.com then click on the Admin icon. Navigate to Admin centres >> SharePoint >> Sites >> Active sites.

  2. Click on Create >> Team site. Give the site a name and a description, and select a Group owner. Under Advanced settings set the timezone and select Privacy: Private - Only members can access this site, then click Next to add the site. The site will be used to store iCasework working documents, and the steps in this section will also have created an Office 365 Group, which we will use in subsequent steps. (Note: some customers have reported permissions problems having created a SharePoint site and group via CLI - we recommend following the approach described here.)

  3. Log into http://portal.azure.com, navigate to the Azure Active Directory section, then click Groups. Access the new group associated with your SharePoint site (it will use the name you gave the site) and copy the Object ID to share with the consultant.

  4. If you have previously created an App Registration for OpenID single sign-on, navigate to that App Registration and continue from step 6. If you have not yet created an App Registration, navigate into the App Registrations section of the Azure Portal and click on New Registration.

  5. Give the App registration a name, and ensure that Supported Account Types is set to "Accounts in this organizational directory only". Add a Redirect URI of type Web, referencing the login screen of your iCasework system.

It is recommended that a separate application is set up for the UAT and production environments. The UAT URI is https://uat.icasework.com/login. For the live environment, an additional report server URL is required. The URIs are https://[YouriCaseworkSystem].icasework.com/login and https://[YouriCaseworkSystem]reports.icasework.com/login

  6. In the API Permissions section of your new App registration, click Add a permission. Select Microsoft Graph >> Application permissions. "Type to search" for the permission Sites.Selected; this allows the iCasework application to access a subset of site collections without a signed-in user. The specific site collections and the permissions granted to them are configured in SharePoint Online (steps 8 to 11 below), so the app registration itself never receives tenant-wide site access.

  7. Once the permission is added, you will need an Azure Admin to click on the "Grant admin consent ..." button, both in App registrations >> [Your App] >> API permissions, and also in Enterprise applications >> [Your App] >> Permissions, where an Enterprise application will have been created as part of the App registration process. You should also edit Enterprise applications >> [Your App] >> Properties and set "Assignment required?" to Yes if you wish to assign users to the application before they can authenticate in Azure. If you don't do this, iCasework will still prevent unauthorised access by domain users that don't have iCasework accounts, or will create default accounts if auto-provisioning of users is enabled.

  8. To complete the setup, you will need to confirm the specific site and permission allowed. Go to https://developer.microsoft.com/en-us/graph/graph-explorer and sign in using your administrator account. Make sure this administrator account is also the owner of the SharePoint group and has been assigned the SharePoint Administrator role, otherwise it cannot grant the site permission through the Microsoft Graph API.

  9. Create a POST request:

     POST https://graph.microsoft.com/v1.0/groups/[Group ID]/sites/root/permissions

     In the body of the request, paste the JSON below, replacing each bracketed placeholder (including the square brackets):

     {
       "roles": [
         "write"
       ],
       "grantedToIdentities": [
         {
           "application": {
             "id": "[Application Client ID]",
             "displayName": "[Permission description]"
           }
         }
       ]
     }

     You will need to replace:

     [Group ID] – Object ID of the Group (associated with the SharePoint site)

     [Application Client ID] – Client ID of the application (the "id" value)

     [Permission description] – Permission description (the "displayName" value)

  10. You will need to set a permission in Graph Explorer to allow the above command to run. When signed in as your administrator user, click on the Modify permissions tab and open the permission panel. Search for "sites" and consent to the permission Sites.FullControl.All. This consent applies to your administrator's Graph Explorer session only; the iCasework app registration keeps just the Sites.Selected permission granted in step 6.

  11. Hit Run query. You should receive an HTTP 201 Created response; if not, review the error returned and resolve it before continuing.

  12. Go back into https://portal.azure.com/ and navigate to the "Certificates & secrets" section of your App registration. Click "New client secret". Set an appropriate expiry date and click Add. Supply the value of the secret to an iCasework analyst so they can configure it into your iCasework system.

  13. Move back to App registrations. Access your new App registration and copy the Client (Application) ID and Directory (Tenant) ID. Within your new App registration, access the Endpoints button. Copy the OpenID Connect metadata document URL and supply these details, along with the Object ID of the SharePoint group, to an iCasework analyst.
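The requests behind steps 9 to 13, written out as an added Python example (this is not iCasework's or Microsoft's code). It builds the Sites.Selected grant request from step 9, refuses to proceed while any bracketed placeholder from the guide is still present, restricts the grant to the "write" role the guide uses, interprets the step 11 status code, and builds the app-only (client credentials) token request that the connector performs with the client secret from step 12. The group id, client id, tenant id and secret in the demo are constructed sample values, and `send_graph_request` is a hypothetical helper that only runs when you call it with a real administrator token.

```python
"""Build and check the Microsoft Graph requests used to scope an app-only
(Sites.Selected) integration to a single SharePoint site.

Added example, not iCasework's or Microsoft's code. Sample identifiers are
constructed; send_graph_request is a hypothetical helper not exercised offline.
"""
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlencode

GRAPH_BASE = "https://graph.microsoft.com/v1.0"
LOGIN_BASE = "https://login.microsoftonline.com"
# Unreplaced placeholders from the guide look like "[Group ID]"; never send them.
PLACEHOLDER = re.compile(r"\[[^\]]*\]")
# Roles this script is willing to grant. The guide needs only "write";
# anything broader is rejected here as a least-privilege policy.
ALLOWED_ROLES = {"read", "write"}


def require_filled(name, value):
    """Raise if a value is empty or still carries a [placeholder] from the guide."""
    if not value or PLACEHOLDER.search(value):
        raise ValueError(f"{name} still contains a placeholder: {value!r}")
    return value


def build_site_permission_request(group_id, client_id, display_name, roles=("write",)):
    """Return (url, body) for the step 9 POST that scopes the app to one group site."""
    too_broad = set(roles) - ALLOWED_ROLES
    if too_broad:
        raise ValueError(f"roles exceed what this grant should carry: {sorted(too_broad)}")
    url = f"{GRAPH_BASE}/groups/{require_filled('Group ID', group_id)}/sites/root/permissions"
    body = {
        "roles": list(roles),
        "grantedToIdentities": [
            {
                "application": {
                    "id": require_filled("Application Client ID", client_id),
                    "displayName": require_filled("Permission description", display_name),
                }
            }
        ],
    }
    return url, body


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the client-credentials token request the
    connector makes with the step 12 secret. No user signs in; the scope
    '.default' means 'the application permissions an admin already consented to'."""
    url = f"{LOGIN_BASE}/{require_filled('Directory (Tenant) ID', tenant_id)}/oauth2/v2.0/token"
    form = {
        "client_id": require_filled("Client (Application) ID", client_id),
        "client_secret": require_filled("client secret", client_secret),
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    }
    return url, urlencode(form)


def interpret_grant_response(status, body_text):
    """Map the step 11 outcome: 201 Created means the site grant now exists."""
    if status == 201:
        data = json.loads(body_text)
        return "created", data.get("id"), data.get("roles", [])
    if status in (401, 403):
        # Typically the admin session lacks Sites.FullControl.All consent or site ownership.
        return "forbidden", None, []
    if status == 404:
        # Wrong Group ID, or the group has no associated site.
        return "not_found", None, []
    return "error", None, []


def send_graph_request(url, body, admin_bearer_token):
    """Hypothetical helper: POST the grant with a delegated admin token (not run offline)."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {admin_bearer_token}",
                 "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req) as resp:
            return interpret_grant_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return interpret_grant_response(err.code, err.read().decode())


if __name__ == "__main__":
    # Constructed sample values; replace with your own before sending anything.
    url, body = build_site_permission_request(
        "11111111-2222-3333-4444-555555555555",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "iCasework correspondence",
    )
    print("POST", url)
    print(json.dumps(body, indent=2))
    try:
        build_site_permission_request("[Group ID]", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "x")
    except ValueError as exc:
        print("refused:", exc)
```

Running the script prints the exact request you would paste into Graph Explorer and then shows the placeholder check refusing an unfilled "[Group ID]". The token request is never made with the administrator's credentials: the admin grants the site permission once in Graph Explorer, while the application later authenticates on its own with the client secret and receives only what Sites.Selected plus this single grant allow.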

Using the connector

  1. Click on Edit >> Edit letter next to any piece of correspondence.

  2. The letter should open in Word Online in your browser, where edits and changes are auto-saved in your document.

  3. Simply close your document when you have made your changes, and either come back to edit again later or, when ready, "Send document to print" if configured centrally, or print locally and "Mark sent".


Civica 2020. All Rights Reserved