Collaborative authoring connects Vault to Microsoft 365 to allow multiple users to edit a document at the same time using the Microsoft 365 desktop software, the Microsoft 365 mobile apps, or Microsoft 365 on the web. Only users with edit and download permissions can edit a document with collaborative authoring. Collaborative authoring can be used with Microsoft Word (*.docx), Excel (*.xlsx), and PowerPoint (*.pptx) documents.
Collaborative authoring is not enabled in your Vault by default. You must configure your Vault to make this feature available to users.
Configuration Overview
Before you can use collaborative authoring with Microsoft 365, you need to:
- Have a Microsoft 365 tenant.
- Register your Vault in Azure AD.
- Create a Vault Collaboration user in Azure AD.
- Create a dedicated shared document library for collaboration.
- Authorize your Vault to connect to your Microsoft 365 tenant.
- Set up automatic invitations for external users.
- Enable external collaboration in SharePoint.
Registering Your Vault in Azure AD
Your Microsoft 365 business subscription includes Azure Active Directory (Azure AD). To use collaborative authoring, you must register your Vault as an application in Azure AD. Vault needs certain permissions to access your Microsoft 365 account.
- Register a new application in Active Directory.
- Under Redirect URIs, select Web.
- Enter your Vault’s Redirect URI as follows: https://{Your Vault DNS}/ui/clientTiles/office365/oauth2 Example: https://veeva-qms.veevavault.com/ui/clientTiles/office365/oauth2
- Add a Microsoft Graph permission with the following delegated permissions:
- Files.ReadWrite.All
- User.Read
- offline_access
- openid
- profile
- Optional: Add a Microsoft Graph permission with the following delegated permissions.
- User.Invite.All
- User.ReadWrite.All
- Directory.ReadWrite.All
- On the Azure app page, click Certificates & Secrets.
- Click New client secret.
Creating a Vault Collaboration User
The Vault Collaboration user is the Microsoft 365 user that is authorized to access your Vault.
- Create a new user in Active Directory called vaultcollaboration@{yourdomain.com}. Replace yourdomain.com with your Microsoft 365 domain name.
- Assign a Microsoft 365 license to the new user.
Creating a Shared Document Library for Collaboration
The shared document library is a SharePoint team site where your Vault documents are temporarily stored while they’re being edited. The SharePoint permissions should not allow users to access or share Vault documents directly through Microsoft 365.
- Create a new team site in the SharePoint Admin Center. See details about site naming restrictions below.
- Set the privacy settings for the team site to Private.
- Add the Vault Collaboration user you created to Additional Owners. The Vault Collaboration user should be the only owner of the site.
- Set the permissions to Stop inheriting from parent.
- Remove all permissions for the default Site Members and Site Visitors groups.
- Ensure that no users are placed in the Site Members or Site Visitors groups. This is important to prevent access to the document library through the SharePoint user interface.
- Under Access Request Settings, clear all checkboxes.
Naming Restrictions for SharePoint Sites
Follow these rules when naming your SharePoint site:
- In general, your site name should not include the following special characters:
.
,(
,)
,{
,}
,[
,]
,'
,"
,<
,>
,?
. In some cases, you can use some of these characters before.com
in your site URL. - You cannot end your site URL with a forward slash (
/
).
Connecting Your Vault to Your Microsoft 365 Account
Once you have configured Microsoft 365 to work with Vault, you need to connect your Vault to your Microsoft 365 account.
Important: Vault UI refers to Microsoft 365 as Microsoft Office, Office Online, and Office 365.
- Log in to your Vault.
- Navigate to Admin > Settings > Checkout Settings and click Edit.
- Fill in the Collaborative Authoring with Microsoft Office fields. See field details in the table below.
- Click Authorize.
- When prompted, log in with the Vault Collaboration username and password. If you are not prompted to log in, you may already be logged into Microsoft 365 as yourself. Log out and try to authorize again, or retry in a private browser session.
- When the checkout settings are authorized, the Integration Status will show as “Verified.” Click Save.
Field Name | Description |
---|---|
Directory (tenant) Id | The automatically-generated Tenant ID listed on the App Overview page of the Vault application you created in Azure AD |
Application (client) Id | The automatically-generated Client ID listed on the App Overview page of the Vault application you created in Azure AD. |
Client Secret | Create a new secret for the Vault application in Azure AD. |
Collaboration User | The username for the Vault Collaboration user you created in Azure AD. |
Collaboration Drive | The URL to the Documents folder on the SharePoint team site you created. |
Warning: Once you have connected Microsoft 365 to Vault and used collaborative authoring, changing these settings could cause permissions errors. If you must change these settings, make sure the Vault Collaboration user has Owner access to previous SharePoint drives.
Automatically Inviting External Users
External users are collaborators with email addresses from different domains. In order to use collaborative authoring with external users, you’ll need to enable automatic invitations through Azure in your Vault. Once automatic invitations are enabled, Vault sends external users an email invitation when they click Edit to start or join a collaborative authoring session, automatically adding them to the session. External users can then join or start the session by clicking Edit. Note that external users do not need to accept the email invitation to collaborate and join a session.
To enable automatic invitations:
- In your Vault, navigate to Admin > Settings > Checkout Settings.
- Click Edit.
- Under Office User Settings, select the Auto Invite External Users checkbox.
- Click Confirm in the Re-authorization Required dialog.
- Click Authorize.
- Click Save.
Enabling External Collaboration in SharePoint
When configuring collaborative authoring, you’ll also need to enable external collaboration and access to your SharePoint content. To learn more, view the SharePoint documentation.
Removing Collaborative Authoring with Microsoft 365 Settings
If you want to turn off collaborative authoring, you can remove the checkout settings. This option will only be available if there are no documents currently being edited in Microsoft 365.
Warning: Removed settings are not saved. If you remove the collaborative authoring checkout settings and later decide you want to turn collaborative authoring back on, you will have to re-enter the settings.
- Log in to your Vault.
- Navigate to Admin > Settings > Checkout Settings and click Edit.
- Click Remove Settings.
- Click OK to confirm that you want to remove these settings.
- Click Save.