Connecting Amazon Q Business to SharePoint Server 2016 using the console - Amazon Q Business

Connecting Amazon Q Business to SharePoint Server 2016 using the console

The following procedure outlines how to connect Amazon Q Business to SharePoint Server 2016 using the AWS Management Console.

Connecting Amazon Q to SharePoint Server 2016

  1. Sign in to the AWS Management Console and open the Amazon Q console at https://console.aws.amazon.com/amazonq/business/.

  2. Complete the steps to create your Amazon Q application.

  3. Complete the steps for selecting an Amazon Q retriever.

  4. Then, from Data sources – Add an available data source to connect your Amazon Q application.

    You can add up to 5 data sources.

  5. Then, on the SharePoint Server 2016 page, enter the following information:

  6. Name – Name your data source for easy tracking.

    Note: You can include hyphens (-) but not spaces. Maximum of 1,000 alphanumeric characters.

  7. In Source, enter the following information:

    1. In Source, for Hosting Method – Choose SharePoint Server.

    2. Choose SharePoint Version – Choose SharePoint 2016.

    3. Site URLs specific to your SharePoint repository – Enter the SharePoint host URLs. The format for the host URLs you enter is https://yourcompany/sites/mysite. The URL must start with https protocol. Separate URLs with a new line. You can add up to 100 URLs.

    4. Domain – Enter the SharePoint domain.

    5. SSL certificate location – Enter the Amazon S3 path to your SSL certificate file.

  8. For Web proxy – optional – Enter the host name (without the http:// or https:// protocol), and the port number used by the host URL transport protocol. The numeric value of the port number must be between 0 and 65535.

  9. For Authorization – Amazon Q Business crawls ACL information by default to ensure responses are generated only from documents your end users have access to. See Authorization for more details. For SharePoint Server, you can choose from the following ACL options:

    1. Email ID with Domain from IDP – Access control is based on email IDs that are extracted from email domains fetched from the underlying identity provider (IdP). You provide the IdP connection details in your Secrets Manager secret during Authentication.

    2. Email ID with Custom Domain – Access control is based on email IDs. Provide the email domain value. For example, "amazon.com". The email domain is used to construct the email ID for access control. You must enter your email domain using Add Email Domain.

    See Authorization for more details.

  10. For Authentication, choose between SharePoint App-Only authentication, NTLM authentication, and Kerberos authentication, based on your use case.

    1. Enter the following information for both NTLM authentication and Kerberos authentication:

      For AWS Secrets Manager secret – Choose an existing secret or create a Secrets Manager secret to store your SharePoint authentication credentials. If you choose to create a secret, an AWS Secrets Manager secret window opens. Enter the following information in the window:

      • Secret name – A name for your secret.

      • Username – Username for your SharePoint account.

      • Password – Password for your SharePoint account.

      If using Email ID with Domain from IDP, also enter your:

      • LDAP Server Endpoint – Endpoint of LDAP server, including protocol and port number. For example: ldap://example.com:389.

      • LDAP Search Base – Search base of LDAP user. For example: CN=Users,DC=sharepoint,DC=com.

      • LDAP username – Your LDAP username.

      • LDAP Password – Your LDAP password.

    2. Enter the following information for SharePoint App-Only authentication:

      For AWS Secrets Manager secret – Choose an existing secret or create a Secrets Manager secret to store your SharePoint authentication credentials. If you choose to create a secret, an AWS Secrets Manager secret window opens. Enter the following information in the window:

      • Secret name – A name for your secret.

      • Client ID – The SharePoint client ID that you generated when you registered App Only at Site Level. The ClientID format is ClientID@TenantId. For example, ffa956f3-8f89-44e7-b0e4-49670756342c@888d0b57-69f1-4fb8-957f-e1f0bedf82fe.

      • SharePoint client secret – The SharePoint client secret generated when your register for App Only at Site Level.

        Note: Because client IDs and client secrets are generated for single sites only when you register SharePoint Server for App Only authentication, only one site URL is supported for SharePoint App Only authentication.

      If using Email ID with Domain from IDP, also enter your:

      • LDAP Server Endpoint – Endpoint of LDAP server, including protocol and port number. For example: ldap://example.com:389.

      • LDAP Search Base – Search base of LDAP user. For example: CN=Users,DC=sharepoint,DC=com.

      • LDAP username – Your LDAP user name.

      • LDAP Password – Your LDAP password.

  11. Configure VPC and security group – optional – Choose whether you want to use a VPC. If you do, enter the following information:

    1. Subnets – Select up to 6 repository subnets that define the subnets and IP ranges the repository instance uses in the selected VPC.

    2. VPC security groups – Choose up to 10 security groups that allow access to your data source. Ensure that the security group allows incoming traffic from Amazon EC2 instances and devices outside your VPC. For databases, security group instances are required.

    For more information, see VPC.

  12. Identity crawler – Amazon Q crawls identity information from your data source by default to ensure responses are generated only from documents end users have access to. Only Local Group Members will be crawled by Identity crawler. For more information, see Identity crawler.

  13. IAM role – Choose an existing IAM role or create an IAM role to access your repository credentials and index content.

    For more information, see IAM role.

  14. In Sync scope, choose from the following options :

    1. Select entities – Choose the entities that you want to crawl. You can select to crawl All entities or any combination of Files, Attachments, Links, Pages, Events and List Data.

    2. In Additional configuration – optional, for Entity regex patterns – Add regular expression patterns for Links, Pages, and Events to include specific entities instead of syncing all your documents.

    3. Regex patterns – Add regular expression patterns to include or exclude files by File path, File name, File type, OneNote section name, and OneNote page name instead of syncing all your documents. You can add up to 100 patterns.

  15. In Sync mode, choose how you want to update your index when your data source content changes. When you sync your data source with Amazon Q for the first time, all content is synced by default.

    • Full sync – Sync all content regardless of the previous sync status.

    • New or modified content sync – Sync only new and modified documents.

    • New, modified, or deleted content sync – Sync only new, modified, and deleted documents.

    For more details, see Sync mode.

  16. In Sync run schedule, for Frequency – Choose how often Amazon Q will sync with your data source. For more details, see Sync run schedule.

  17. Tags - optional – Add tags to search and filter your resources or track your AWS costs. See Tags for more details.

  18. Field mappings – A list of data source document attributes to map to your index fields. Add the fields from the Data source details page after you finish adding your data source. You can choose from two types of fields:

    1. Default – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can't edit these.

    2. Custom – Automatically created by Amazon Q on your behalf based on common fields in your data source. You can edit these. You can also create and add new custom fields.

      Note

      Support for adding custom fields varies by connector. You won't see the Add field option if your connector doesn't support adding custom fields.

    For more information, see Field mappings.

  19. To finish connecting your data source to Amazon Q, select Add data source.

    You are taken to the Data source details, where you can view your data source configuration details.

  20. In Data source details, choose Sync now to allow Amazon Q to begin syncing (crawling and ingesting) data from your data source. When the sync job finishes, your data source is ready to use.

    Note

    You can also choose to view CloudWatch logs for your data source sync job by selecting View CloudWatch logs. If you get a Resource not found exception when you try to view your CloudWatch logs for a data source sync job in progress, it can be because the CloudWatch logs are not available yet. Wait for some time and check again.