Prerequisites for Connecting to Microsoft SharePoint Online

For Microsoft SharePoint Plugin, to successfully connect to Microsoft SharePoint Online:

  • Application must be registered on Microsoft Azure Portal
  • API access must be enabled for the application on Microsoft Azure Portal depending on Auth Type:
    • For Password/OAuth – Delegated Permissions
    • For Client credential – Application permissions

Additionally:

  • Client credential requires generating Client Secret
  • OAuth requires adding redirect URIs

Start by registering an application and proceed depending on the Auth Type to be used.

Multiple Auth Types will be available starting 6.3.1.

Register an Application

Access Azure Portal's Home

  1. Select App registrations
  2. Proceed with New registration
  1. Input a descriptive phrase in Name
  2. Specify Supported account types as shown on the screen
  3. Choose "Public client/native" from the Redirect URI drop-down

What Auth Type to Be Used for Establishing Connectivity with MS SharePoint Plugin?

Each of the types requires a different set of parameters and API permissions:

Required parameters:

  • Client ID
  • Username and Password used for accessing the MS SharePoint account

Access the newly-created application > Overview Tab

  1. Find Client ID as shown on the screen above
  1. [+Add a permission]
  2. Choose Microsoft Graph
  3. Select Delegated permissions
  4. Under User, check User.Read
  5. Under Sites, check Sites.Read.All
  6. [Add permissions]

Required parameters:

  • Client ID
  • Token

Access the newly-created application > Overview Tab

  1. Find Client ID as shown on the screen above
  1. [+Add a permission]
  2. Choose Microsoft Graph
  3. Select Delegated permissions
  4. Under User, check User.Read
  5. Under Sites, check Sites.Read.All
  6. [Add permissions]

Access App's Authentication

  1. [+Add a platform]
    • NOTE: If a platform has already been added, directly proceed to adding an URI via [+Add URI]. See the format below in Step 3
  2. Select Mobile and desktop applications
  3. Add the URI in the following format:
    • https://<hostname>/editor/service/validatepowerbioauth
  4. [Configure]

Required parameters:

  • Client ID
  • Tenant
  • Client Secret

Access the newly-created application > Overview Tab

  1. Find Client ID and Tenant to be used for MI Data Source creation as shown on the screen above

Access App's Certificates & secrets

  1. [+New client secret]
  2. Enter Description
  3. Specify validity period
  4. [Add]
  5. Copy the Client secret Value
    • NOTE: the Value won't be available after you perform another operation or leave the tab

Access API permissions

  1. [+Add a permission]
  2. Choose Microsoft Graph
  3. Select Application permissions
  4. Under Sites, check Sites.Read.All
  5. [Add permissions]

Identity Profiles are configured on the MI side.

Find more information in Overview of Identity Profiles and Configuring CyberArk Authentication for Data Sources

Workflows are not supported in your browser.
Please use a recent version of Chrome, Edge, Firefox or Safari to display this page.