Prerequisites for Connecting to Microsoft SharePoint Online

For the Microsoft SharePoint plugin to connect successfully to Microsoft SharePoint Online:

  • Application must be registered on Microsoft Azure Portal
  • API access must be enabled for the application on Microsoft Azure Portal depending on Auth Type:
    • For Password/OAuth – Delegated Permissions
    • For Client credential – Application permissions

Additionally:

  • Client credential requires generating a Client Secret
  • OAuth requires adding redirect URIs

Start by registering an application, then proceed according to the Auth Type to be used.

Multiple Auth Types will be available starting 6.3.1.

1. Register an Application

Access Azure Portal's Home

  1. Select App registrations
  2. Proceed with New registration
    1. Input a descriptive phrase in Name
    2. Specify Supported account types as shown on the screen
    3. Choose "Public client/native" from the Redirect URI drop-down
      • Setting the value for Redirect URI is required for OAuth, but can be done later. See 2.2.3. Add Redirect URI for the instructions.

2. Proceed Depending on Your Auth Type

Each of the types requires a different set of parameters and API permissions.

2.1. Password Auth Type

Required parameters:

  • Client ID
  • Username and Password used for accessing the MS SharePoint account

2.1.1. Locate Client ID

Access the newly-created application > Overview Tab

  1. Find Client ID as shown on the screen above

2.1.2. Enable Delegated Permissions

  1. [+Add a permission]
  2. Choose Microsoft Graph
  3. Select Delegated permissions
  4. Under Sites, check Sites.Read.All
  5. [Add permissions]

2.2. OAuth Auth Type

Required parameters:

  • Client ID
  • Token

2.2.1. Locate Client ID

Access the newly-created application > Overview Tab

  1. Find Client ID as shown on the screen above

2.2.2. Enable Delegated Permissions

  1. [+Add a permission]
  2. Choose Microsoft Graph
  3. Select Delegated permissions
  4. Under Sites, check Sites.Read.All
  5. [Add permissions]

2.2.3. Add Redirect URI

Access App's Authentication

  1. [+Add a platform]
    • NOTE: If a platform has already been added, proceed directly to adding a URI via [+Add URI]. See the format below in Step 3
  2. Select Mobile and desktop applications
  3. Add the URI in the following format:
    • https://<hostname>/editor/service/validatepowerbioauth
  4. [Configure]

2.3. Client Credential Auth Type

Required parameters:

  • Client ID
  • Tenant
  • Client Secret

2.3.1. Locate Client ID and Tenant

Access the newly-created application > Overview Tab

  1. Find Client ID and Tenant to be used for MI Data Source creation as shown on the screen above

2.3.2. Generate Client Secret

Access App's Certificates & secrets

  1. [+New client secret]
  2. Enter Description
  3. Specify validity period
  4. [Add]
  5. Copy the Client secret Value
    • NOTE: the Value won't be available after you perform another operation or leave the tab

2.3.3. Enable Application Permissions

Access API permissions

  1. [+Add a permission]
  2. Choose Microsoft Graph
  3. Select Application permissions
  4. Under Sites, check Sites.Read.All
  5. [Add permissions]
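
To confirm that the permission type granted in the portal matches the Auth Type in use, inspect the claims of an access token issued to the application: Microsoft Graph tokens carry delegated permissions in the scp claim and application permissions in the roles claim. The Python sketch below is an added example, not code from the plugin or its vendor; the auth-type keys, function names and sample tokens are constructed for illustration, and the token is decoded for inspection only, without signature verification.

```python
import base64
import json

REQUIRED = "Sites.Read.All"
# Auth Type (keys are illustrative) -> claim carrying the granted Graph permissions
CLAIM_FOR_AUTH_TYPE = {
    "password": "scp",             # delegated permissions
    "oauth": "scp",                # delegated permissions
    "client_credential": "roles",  # application permissions
}

def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def granted_permissions(claims, auth_type):
    """scp is a space-separated string, roles is a JSON array; return a set."""
    value = claims.get(CLAIM_FOR_AUTH_TYPE[auth_type], [])
    return set(value.split()) if isinstance(value, str) else set(value)

def audit_token(token, auth_type):
    """Return a list of findings; an empty list means the grant matches the setup."""
    claim = CLAIM_FOR_AUTH_TYPE[auth_type]
    granted = granted_permissions(decode_claims(token), auth_type)
    findings = []
    if REQUIRED not in granted:
        findings.append(f"missing {REQUIRED} in '{claim}' claim")
    extra = sorted(granted - {REQUIRED})
    if extra:
        findings.append("additional permissions to review: " + ", ".join(extra))
    return findings

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])

if __name__ == "__main__":
    samples = [  # constructed claim sets, not real tokens
        ("client_credential", {"roles": ["Sites.Read.All"]}),
        ("client_credential", {"scp": "Sites.Read.All"}),  # delegated grant only
        ("oauth", {"scp": "Sites.Read.All Sites.ReadWrite.All"}),
    ]
    for auth_type, claims in samples:
        print(auth_type, audit_token(make_sample_token(claims), auth_type))
```

A "missing" finding for Client credential usually means Sites.Read.All was added under Delegated permissions instead of Application permissions.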

2.4. Identity Profile Auth Type

Identity Profiles are configured on the MI side.

Find more information in Overview of Identity Profiles and Configuring CyberArk Authentication for Data Sources.