Connecting to Microsoft SharePoint from App Connect Enterprise as a Service
You can connect to Microsoft SharePoint with a user ID and password or with a client ID and secret.
To create a connection from App Connect to a Microsoft SharePoint account, complete the following steps. These steps assume you are using the App Connect Designer Applications and APIs page.
- Open the Connect to Sharepoint dialog box by using one of the following options:
- For your first Microsoft SharePoint connection, click Connect.
- To add another Microsoft SharePoint connection, expand the Accounts list and click Add a new account.
- In the Connect to Sharepoint dialog box, select the appropriate Application type to connect to:
- Select SharePoint Online to connect to a Microsoft SharePoint cloud-based service.
- Select SharePoint Software to connect to a Microsoft SharePoint Server on premises.
- Select an Authorization method:
- SharePoint Online
- Select Use the website (OAuth2) to authorize App Connect by logging in to a Microsoft SharePoint account (SharePoint online URL) with its username and password.
- Select Provide credentials for App Connect to use (SAML) to authorize App Connect by providing the SharePoint online URL, username, and password to log in to the Microsoft SharePoint account.
- Select Provide credentials for App Connect to use (BASIC OAUTH) to authorize App Connect by providing the consumer key and secret that were generated when you create a connected app for App Connect in your SharePoint Online instance.
- SharePoint Software
- Set the Application version to 2019, 2016, or 2013.
- Click Continue.
Continue with the steps for your chosen authorization method.
SharePoint Online: Use the website (OAuth2)
Use this option to authorize App Connect by logging in to a Microsoft SharePoint account with the username and password.
- Set SharePoint online URL to the SharePoint Online URL that provides a direct sign-in to the Microsoft SharePoint service. For example, https://anyorganization.sharepoint.com.
- Click Connect.
- Click the option to sign in with an administrator account. (Only an administrator can grant the permissions to access resources in your Microsoft SharePoint organization.)
Tip: If you are already logged in to Microsoft SharePoint in the same browser window as App Connect Enterprise as a Service, App Connect can connect to that Microsoft SharePoint account without needing further action.
- In the Microsoft login dialog box, specify the username and password for the Microsoft SharePoint account that you want to connect to, then click to allow App Connect to access Microsoft SharePoint.
- If your Microsoft SharePoint account uses two-factor authentication, approve the access request from App Connect.
SharePoint Online: Provide credentials for App Connect to use (BASIC OAUTH)
Use this option to authorize App Connect by providing App Connect with the consumer key and secret that were generated when you create a connected app for App Connect in your SharePoint Online instance.
- Complete the connection fields that you see in the App Connect Designer page (previously the Catalog page) or flow editor. If necessary, work with your Microsoft SharePoint administrator to obtain these values.
- SharePoint online URL: Specify the SharePoint Online URL that provides a direct sign-in to the Microsoft SharePoint service; for example, https://anyorganization.sharepoint.com
- OAuth access token: Specify the access token generated from the Application client ID and Application client secret.
Tip: An access token can be requested by sending a POST request to the Microsoft identity platform endpoint. It is typically generated by using an authorization code, the client ID, client secret, scope, and grant type values for an app that was registered in the Microsoft Azure app registration portal.
- OAuth refresh token: Specify the refresh token generated from the Application client ID and Application client secret.
Tip: A refresh token is returned for the POST request to the Microsoft identity platform endpoint.
- Application client ID: Specify the consumer key that App Connect uses to identify itself to Microsoft SharePoint. This key is generated when you create a Microsoft app for App Connect in your SharePoint Online instance.
Tip: The application (client) ID value is generated for an app that was registered in the Microsoft Azure app registration portal. The value is displayed on the Overview page for the registered app.
- Application client secret: Specify the consumer secret that identifies App Connect as the owner of the consumer key. This secret is generated when you create a Microsoft app for App Connect in your SharePoint Online instance.
Tip: The client secret is generated for an app that was registered in the Microsoft Azure app registration portal. The secret is generated under 'Certificates & secrets' for the registered app.
For information about getting values for the OAuth access token, refresh token, Client ID, and Client secret, see "Getting values for Client ID, Client secret, and other BASIC OAUTH parameters".
- Click Connect.
Getting values for Client ID, Client secret, and other BASIC OAUTH parameters
- To obtain values for the Client ID and Client secret fields, you need to register a Microsoft app that will enable App Connect to integrate with SharePoint by using APIs and protocols. If you already have a Microsoft app that you would like to use, skip to the step below to locate the consumer key and consumer secret that were generated when you created the connected app.
To create a Microsoft app and generate the Client ID and Client secret values, complete the steps described in the Microsoft article https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application.
Important: When you add a new Client ID (on the Certificates & secrets page of the Azure Portal), record the secret's value for use later. This secret value is never displayed again after you leave that page.
Assign the following Microsoft SharePoint specific permissions to your app:

Table 1. Microsoft app permissions

| API | Permissions name | Type | Description | Admin consent required |
|---|---|---|---|---|
| Azure Active Directory Graph | User.Read | Delegated | Sign in and read user profile | - |
| SharePoint | AllSites.FullControl | Delegated | Have full control of all site collections | Yes |
| SharePoint | AllSites.Manage | Delegated | Read and write items and lists in all site collections | - |
| SharePoint | AllSites.Read | Delegated | Read items in all site collections | - |
| SharePoint | AllSites.Write | Delegated | Read and write items in all site collections | - |
| SharePoint | Myfiles.Read | Delegated | Read user files | - |
| SharePoint | Myfiles.Write | Delegated | Read and write user files | - |
| SharePoint | Sites.FullControl.All | Application | Have full control of all site collections | Yes |

When the Microsoft app has been registered successfully, you will have values for the Client ID and Client secret (client_id and client_secret).
- To locate the Client ID for an app that was registered at an earlier date, you can use the Azure portal:
- Sign in to the Azure portal, https://portal.azure.com/#home, with the credentials of an administrator.
Note: If your account gives you access to more than one tenant, use the Directory + subscription filter to select the tenant in which you want to register an app for use with App Connect.
- In the Search field, enter app registrations, then select the App registrations option.
- On the App registrations page, select the registered app that you want to use for App Connect.
- The Client ID is displayed on the Overview page.
- To obtain the OAuth access token and OAuth refresh token values, you need to obtain an authorization code value (code) and then submit a POST action with the code, client_id, and client_secret values.
- To obtain the code value, open the following URL in a web browser (after substituting the code, redirect_uri, and resource_sharepoint_tenantUrl values):
https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=client_id&redirect_uri=redirect_uri&resource=resource_sharepoint_tenantUrl&state=234567891&scope=AllSites.FullControl AllSites.Manage AllSites.Read AllSites.Write FastSearch.QuerySP full_access_as_user MyFiles.Read MyFiles.Write UserProfile.Read
- redirect_uri: The redirect URI where you want the response to be sent for your app to handle, specified when registering your app.
- resource_sharepoint_tenantUrl: Your Microsoft SharePoint tenant URL; for example: https://anyorganization.sharepoint.com
- Submit a POST action to obtain the OAuth access token and OAuth refresh token values; for example, using curl or Postman.
- Submit the POST action to the URL https://login.windows.net/common/oauth2/token
- Submit the body as x-www-form-urlencoded, with the following parameters:
- grant_type: authorization_code
- code: code
- client_id: client_id
- client_secret: client_secret
- scope: AllSites.FullControl AllSites.Manage AllSites.Read AllSites.Write FastSearch.QuerySP full_access_as_user MyFiles.Read MyFiles.Write UserProfile.Read
- redirect_uri: redirect_uri
The response contains the access_token and refresh_token values; for example:
{
  "access_token": "ya29.Il-9B2KbXhweZamxIsHe3_rjblkc7Xh_...",
  "token_type": "Bearer",
  "expires_in": 3599,
  "scope": "AllSites.FullControl%20AllSites.Manage%20AllSites.Read%20AllSites.Write%20FastSearch.QuerySP%20full_access_as_user%20MyFiles.Read%20MyFiles.Write%20UserProfile.Read",
  "refresh_token": "1//04g2mKH5RhxUECgYIARAAGAQSNwF-L9IreLqEqk...",
  "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD..."
}
Result
You created an account in App Connect. For more information, see Managing accounts.
Before you use the account that is created in App Connect in a flow, rename the account to something meaningful that helps you to identify it. To rename the account on the Applications and APIs page, select the account, open its options menu (⋮), then click Rename Account.