SharePoint
Watch video
How to integrate ONLYOFFICE Docs with SharePoint
Integrate ONLYOFFICE online editors with your SharePoint and co-author office documents in real time.About the ONLYOFFICE and SharePoint integration
To edit your documents within SharePoint collaborative platform, you can connect ONLYOFFICE Docs with the document library either via an official ONLYOFFICE connector or using WOPI.
Main features
- Editing text documents, spreadsheets, and presentations using the Edit in ONLYOFFICE option within the context menu of the file and the ribbon (when using an official connector) or clicking the file (when using WOPI).
- Co-authoring documents in real-time: use two co-editing modes (Fast and Strict with the official connector, Fast only over WOPI), the Track Changes feature, comments, and a built-in chat.
access_token_ttl
property to 10 hours for the Fast co-editing mode. The Strict co-editing mode might negatively affect the access token parameter.Supported formats
For the official connector:
- For viewing and editing: DOCX, XLSX, PPTX, PPSX.
- For viewing only: PDF, DJVU, TXT, CSV, ODT, ODS, ODP, DOC, XLS, PPT, PPS, EPUB, RTF, HTML, HTM, MHT, XPS.
For WOPI:
- For viewing and editing: DOCX, XLSX, PPTX, DOCM, XLSM, PPTM, ODT, ODS, ODP, TXT, CSV.
- For viewing only: PDF, DJVU, XPS.
What's new in version 3.0.0
Added
- JWT support
- Document Server v6.0 and earlier is no longer supported
The full change log is available here.
Connecting ONLYOFFICE Docs to SharePoint
Requirements
-
ONLYOFFICE Document Server v7.1 (server or cloud version) or later
You need to enable WOPI following this instruction.
You need an instance of ONLYOFFICE Docs that is resolvable and connectable both from SharePoint and any end clients. It must be able to POST to SharePoint directly.
Please refer to the official documentation page to learn more about installing ONLYOFFICE Docs. - SharePoint 2019
- ONLYOFFICE Connector 3.0 for SharePoint
Installing and configuring ONLYOFFICE and SharePoint
The ONLYOFFICE SharePoint integration solution is an official ONLYOFFICE connector available on GitHub page under the GNU AGPL v.3 licence.
- Click Start, point to All Programs, point to Administrative Tools, then click Services, and make sure that SharePoint Administration service is started.
- Click Start, click SharePoint Management Shell, go to the directory with the .wsp file.
-
Run the Install.ps1 script:
PS> .\Install.ps1
-
Enter your SharePoint site address:
https://<yoursharepointsite>
Instead of steps 3 and 4 you can type the following command:Add-SPSolution -LiteralPath<solutionpath>/onlyoffice.wsp
On the SharePoint Central Administration home page, click System Settings > Farm Management > Manage farm solutions. On the Solution Management page, click onlyoffice.wsp, then click Deploy Solution.
- On the SharePoint Central Administration home page, under Application Management, click Manage web applications.
- Make sure you select your site and click the Authentication Providers icon.
- In the Authentication Providers pop-up window click Default zone.
- Under Edit Authentication, check Enable anonymous access and click Save.
- Going back to Web Application Management click on the Anonymous Policy icon.
- Under Anonymous Access Restrictions select your Zone and set the Permissions to None – No policy and click Save.
-
In SharePoint open the /_layouts/15/Onlyoffice/Settings.aspx page with administrative settings. Enter the following address:
Where the documentserver is the name of the server with the ONLYOFFICE Docs installed. The address must be accessible for the user browser and from the SharePoint server. The SharePoint server address must also be accessible from ONLYOFFICE Docs for correct work.https://<documentserver>/
Starting from ONLYOFFICE Docs v7.2, JWT is enabled by default and the secret key is generated automatically. You need to enable it on the SharePoint side as well: find your secret key in the ONLYOFFICE Docs configuration file, then specify the same secret key in the SharePoint administrative settings. For more details, see the Enabling JWT for the ONLYOFFICE and SharePoint integration section of this article.
If JWT protection is enabled, it is necessary to specify a custom header name since the SharePoint security policy blocks external 'Authorization' Headers. This header should be specified in the ONLYOFFICE Docs signature settings as well (further information can be found here).
Enabling JWT for the ONLYOFFICE and SharePoint integration
To protect documents from unauthorized access, ONLYOFFICE editors use the JSON Web Token (JWT). The token is added in the configuration when the Document Editor is initialized and during the exchange of commands between inner ONLYOFFICE Docs services. The secret key is used to sign the JSON web token and validate the token upon the request to ONLYOFFICE Docs.
Starting from ONLYOFFICE Docs v7.2, JWT is enabled by default and the secret key is generated automatically. You need to find your secret key in the ONLYOFFICE Docs configuration file, then specify the same secret key in the connector settings.
Step 1: Find your secret key in the ONLYOFFICE Docs configuration file
-
Open the local.json file with any available text editor.
- For Linux -
/etc/onlyoffice/documentserver/local.json
- For Windows -
%ProgramFiles%\ONLYOFFICE\DocumentServer\config\local.json
-
For Docker – enter the ONLYOFFICE Docs container using the
docker exec -it <containerID> bash
command and open/etc/onlyoffice/documentserver/local.json
Alternatively, you can use the following command to find the default secret key without opening local.json:
sudo docker exec <containerID> /var/www/onlyoffice/documentserver/npm/json -f /etc/onlyoffice/documentserver/local.json 'services.CoAuthoring.secret.session.string'
The local.json file should look like this:
{"services": {"CoAuthoring": {"token": {"enable": {"request": {"inbox": true,"outbox": true},"browser": true}},"secret": {"inbox": {"string": "yoursecret"},"outbox": {"string": "yoursecret"},"session": {"string": "yoursecret"}}}}}
- For Linux -
-
The
true
value is specified in three sections. It means that token validation is enabled.services.CoAuthoring.token.enable.browser
services.CoAuthoring.token.enable.request.inbox
services.CoAuthoring.token.enable.request.outbox
-
The automatically generated secret key is specified in three sections. You can replace the default secret value with your own secret key. The secret key must be the same in three sections.
services.CoAuthoring.secret.inbox.string
services.CoAuthoring.secret.outbox.string
services.CoAuthoring.secret.session.string
-
If you make changes, save them and restart the services for the config changes to take effect.
supervisorctl restart all
Step 2: Specify the same secret key in the connector settings
In the connector settings, specify the same secret in the Secret key field and save the settings.
Connecting ONLYOFFICE Docs using WOPI
You can also connect ONLYOFFICE Docs with SharePoint over WOPI, a REST-based protocol that issues HTTP requests to a set of REST-endpoints when a client establishes a connection to the server with your data.
- The editors do not support the Version History feature.
- No support for the Mail Merge feature.
- The editors do not support inserting an image from your storage.
- No support for comparing documents from your storage.
- No support for the following formats: DOC, XLS, PPT.
To connect ONLYOFFICE to SharePoint over WOPI,
- Make sure you meet the requirements.
-
Open your SharePoint server. Run the SharePoint Management Shell console and set the needed WOPI zone with the following command:
Set-SPWOPIZone -Zone "external-http"
The documentserver uses theexternal-http
parameter by default. -
Run the following command to check whether there are WOPI bindings to other document types on the current farm:
Delete these bindings, if any, by running the following command:Get-SPWOPIBinding
Remove-SPWOPIBinding -All:$true
-
Create new bindings for default actions as per file types.
Run the following command to create bindings for all file types at once:
Run the following command to create bindings for particular file types only:New-SPWOPIBinding -ServerName ip_or_domain.com:port
New-SPWOPIBinding -ServerName ip_or_domain.com:port -Extension DOCX
If SSL is not used, add-AllowHTTP
at the end of the command.