Configuring SharePoint 2013 / SharePoint 2016 Integration

Setting Up TeamOrgChart for Intranet as a SharePoint Add-in

TeamOrgChart for Intranet  is a "High-trust SharePoint Add-in" and as such must be registered on the SharePoint farm on which it is to be installed.

Prior configuring TeamOrgChart for Intranet you should have configured the target SharePoint 2013/2016 Farm for "Add-In" or App installation.

The SharePoint configuration guide is accessible via the TeamOrgChart for Intranet application using this URL http://yourserver/Intranet/AppGuide and contains the scripts that are required to configure the integration with SharePoint.

Register the SharePoint Add-In Using Appregnew.aspx

Register the App

Navigate to _layouts/15/appregnew.aspx page on your SharePoint installation.  For more information on appregnew.aspx refer to this Microsoft Guide.

Click the Generate buttons to generate values for the add-in ID and secret. The secret is not actually used in high-trust SharePoint Add-ins, but the form requires one. 

Provide the base URL of the domain where TeamOrgChart Intranet will run. Do not include the protocol (HTTPS) in the domain, but you have to include the port that the remote components will use for HTTPS requests if it is not 443 (for example, or MyAppServer:4444).

In this example, the remote web application server is listening for HTTPS requests on the default port 443, so it's not necessary to specify the port in the add-in domain. 


IMPORTANT : Copy the Client Id generated value and save it for future use.  It is required in subsequent steps in the configuration and is referred to as the CLIENTID

Choose Create to finish app registration.

Configure the SSL Security Certificate

SharePoint Add-ins use digital certificates to establish trust between SharePoint and the remote components that access SharePoint.  The video on this page gives an overview of Server-to-Server ( S2S ) configuration with SharePoint.

The certificate should be in two formats, Personal Information Exchange (pfx) and Security Certificate (cer).

If it is not in either of these formats when originally obtained, it can be converted using a utility. Also, once a pfx format version has been obtained, the pfx file can be imported into IIS and then the cer version exported as described below.

If the certificate is originally obtained is a .cer format, it will contain both the private and public keys. As a general practice, the .cer file that is used by SharePoint should not contain the private key. Consider importing the original certificate to IIS and then exporting a new cer version that does not include the private key as described below. 


To configure the TeamOrgChart for Intranet server and pfx certificate

Give the .pfx certificate a strong password.

Import the certificate into IIS on the remote web server with these steps:

  • In IIS Manager, select the ServerName node in the tree view on the left.
  • Double-click the Server Certificates icon.
    • Select Import in the Actions pane on the right.
    • On the Import Certificate dialog, use the browse button to browse to the .pfx file, and then enter the password of the certificate.
    • If you are using IIS Manager 8, there is a Select Certificate Store drop down. Choose Personal. (This refers to the "personal" certificate storage of the computer, not the user.)
    • If you don't already have a cer version, or you do but it includes the private key, enable Allow this certificate to be exported.
    • Click OK.

To open the Windows Certificate Store

  • On the same server, open the Microsoft Management Console
  • Add the Certificates snap-in for the computer account. Be sure to use the procedure for the computer, not a user or service. Choose the local computer, not "another" computer, when prompted.


Skip the next procedure if you are using ISS Manager 8.
Additional steps for ISS Manager 7 to get the certificate into the Windows Certificate Store

  • Create a folder on the server file system to be used as a very temporary storage place for the certificate.
  • In IIS Manager, select the ServerName node in the tree view on the left.
  • Double-click the Server Certificates icon.
  • In the Server Certificates list, right-click the certificate, and then select Export.
  • Export the file to the folder that you created and enter its password.
  • In the Microsoft Management Console import the certificate as described in Import a Certificate. Be sure to specify the Personal store.
  • Leave the console open for the next procedure.
  • Delete the folder that you created in the first step and the certificate file in it. The security advantages of keeping the certificate in the certificate store are defeated if it is also on the file system.

The next procedure applies to both IIS Manager 7 and 8.

To get the serial number of the certificate

  • In the Microsoft Management Console, navigate to the Certificates folder under the Personal folder of the Certificates (Local Computer) snap-in, if it is not already open.
  • Double-click the certificate for your SharePoint Add-in to open it, and then open the Details tab.
  • Select the Serial Number field to make the entire serial number is visible in the box.
  • Copy the serial number, without the spaces, to a text file and save it for later use. (Some developer blog posts and forum questions report that copying the serial number directly into the clipboard creates a string with hidden characters that makes the serial number unrecognizable to code in the SharePoint Add-in. Consider manually typing the number instead of copying it.)

Next you create a cer version of the certificate. This contains the public key of the remote web server and is used by SharePoint to unencrypt requests from the remote web application and validate the access tokens in those requests. It is created on the remote web server and then moved to the SharePoint farm.

To create the cer certificate

  • In IIS manager, select the ServerName node in the tree view on the left.
  • Double-click Server Certificates.
  • In Server Certificates view, double-click the certificate to display the certificate details.
  • On the Details tab, choose Copy to File to launch the Certificate Export Wizard, and then choose Next.
  • Use the default value No, do not export the private key, and then choose Next.
  • Use the default values on the next page. Choose Next.
  • Choose Browse and browse to any folder. (The cer file is going to be moved off of this computer anyway.) Give the file the same name as the pfx file, and then choose Save. The certificate is saved as a .cer file.
  • Choose Next.
  • Choose Finish.                         

Configure Sharepoint to Use the Certificate

Powershell Script Required for Configuration

The procedures in this section can be performed on any SharePoint server on which the SharePoint Management Shell is installed.  The page /Intranet/AppGuide on your TeamOrgChart for Intranet contains the script required to undertake this section of the configuration.

To distribute the cer file to SharePoint

Create a folder and be sure that the add-in pool identities for the following IIS add-in pools have Read right to it:

  • SecurityTokenServiceApplicationPool
  • ​The add-in pool that serves the IIS web site that hosts the parent SharePoint web application for your test SharePoint website. For the SharePoint – 80 IIS website, the pool is called OServerPortalAppPool.

Move (don't merely copy) the .cer file from the remote web server to the folder you just created on the SharePoint server. The file will be in this folder only temporarily.

The following procedure configures the certificate as a trusted token issuer in SharePoint. 

To configure the certificate access the /intranet/AppGuide page on your TeamOrgChart for Intranet installation.

Once you have modified the script to include your client ID and path to the certification open the SharePoint Management Shell as an administrator and run the script.

(The registration of the certificate as a token issuer is not effective immediately and the add-in will not work until it is. It may take as long as 24 hours before all the SharePoint servers recognize the new token issuer. Running an iisreset on all the SharePoint servers, if you can do that without disturbing SharePoint users, would cause them to immediately recognize the issuer.)


Modify Web.Config File for TeamOrgChart Intranet

Edit the web.config file in the folder of your TeamOrgChart Intranet installation so that it contains new values for the following keys in the appSettings node:

  • ClientId: This is the  CLIENTID  that was generated in the first step appregnew.aspx.
  • IssuerId: This is ALSO the CLIENTID  that was generated in the first step appregnew.aspx.
  • ClientSigningCertificateSerialNumber - This is the serial number of the certificate obtained earlier.

Create the App Package for SharePoint

Generate the TeamOrgChart app package

On the TeamOrgChart for Intranet installation that you have set up go to the page https://YOURSERVER/intranet/generateappfile.  

Complete the form and then download the SharePoint App package.



Install the App Package to SharePoint

Install the Add-In in the App Catalogue

On the SharePoint Server go to the Add-in Catalogue.

Upload the generated .APP file to the catalogue.

Add TeamOrgChart for Intranet to a Site Collection

Install the App on the Site Collection

Go to the site collection that you wish to install TeamOrgChart for Intranet.

Select Add an app from the settings menu and then choose From your Organization.

Then select the TeamOrgChartIntranet application to install the app onto the site collection.

How can we help?

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.

Our products


  • For Microsoft SharePoint
  • Download, install & configure
  • $750


  • For Office 365 and SharePoint Online
  • Online, interactive service based application


  • For ASP.NET websites and applications
  • Versatile & feature rich
  • $200 +