Connecting to Microsoft SharePoint from App Connect Enterprise as a Service

You can connect to Microsoft SharePoint with a user ID and password or with a client ID and secret.


Remember: You can connect to Microsoft SharePoint either from the App Connect Designer Connect > Applications and APIs page (previously the Catalog page), or when you add an app to a flow. For more information, see Connecting to applications and APIs.

To create a connection from App Connect to a Microsoft SharePoint account, complete the following steps. These steps assume you are using the App Connect Designer Applications and APIs page.

  1. Open the Connect to Sharepoint dialog box by using one of the following options:
    • For your first Microsoft SharePoint connection, click Connect.
    • To add another Microsoft SharePoint connection, expand the Accounts list and click Add a new account.
  2. In the Connect to Sharepoint dialog box, select the appropriate Application type to connect to:
    • Select SharePoint Online to connect to a Microsoft SharePoint cloud-based service.
    • Select SharePoint Software to connect to a Microsoft SharePoint Server on premises.
  3. Select an Authorization method:
    SharePoint Online
    • Select Use the website (OAuth2) to authorize App Connect by logging in to a Microsoft SharePoint account (SharePoint online URL) with its username and password.
    • Select Provide credentials for App Connect to use (SAML) to authorize App Connect by providing the SharePoint online URL, username, and password to log in to the Microsoft SharePoint account.
    • Select Provide credentials for App Connect to use (BASIC OAUTH) to authorize App Connect by providing the consumer key and secret that were generated when you create a connected app for App Connect in your SharePoint Online instance.
    SharePoint Software
    • Set the Application version to 2019, 2016, or 2013.
    • For the Authorization method, select one of the following options:
      • Select Provide credentials for App Connect to use (BASIC) to authorize App Connect with your SharePoint on premises host and port, username, and password.
      • Select Provide credentials for App Connect to use (NTLM v1) to authorize App Connect with your SharePoint on premises host and port, username, password, domain and workstation.
  4. Click Continue.

Continue with the steps for your chosen authorization method.

SharePoint Online: Use the website (OAuth2)

Use this option to authorize App Connect by logging in to a Microsoft SharePoint account with the username and password.

  1. Set SharePoint online URL to the SharePoint Online URL that provides a direct sign-in to the Microsoft SharePoint service. For example, https://anyorganization.sharepoint.com.
  2. Click Connect.
  3. Click the option to sign in with an administrator account. (Only an administrator can grant the permissions to access resources in your Microsoft SharePoint organization.)
    Tip: If you are already logged in to Microsoft SharePoint in the same browser window as App Connect Enterprise as a Service, App Connect can connect to that Microsoft SharePoint account without needing further action.
  4. In the Microsoft login dialog box, specify the username and password for the Microsoft SharePoint account that you want to connect to, then click to allow App Connect to access Microsoft SharePoint.
  5. If your Microsoft SharePoint account uses two-factor authentication, approve the access request from App Connect.

SharePoint Online: Provide credentials for App Connect to use (SAML)

Use this option to authorize App Connect by providing App Connect with the SharePoint Online URL, username, and password to log in to the Microsoft SharePoint account.

Restriction: To authenticate the connection to SharePoint Online by using SAML verification, IBM® App Connect doesn't support two-factor authentication. Before you use IBM App Connect with your Microsoft SharePoint account, check if your account has two-factor authentication enabled and, if so, disable two-factor authentication or choose the Use the website (OAuth2) option.
  1. Complete the connection fields that you see in the App Connect Designer Applications and APIs page or flow editor. If necessary, work with your Microsoft SharePoint administrator to obtain these values.
    • SharePoint online URL: Specify the SharePoint Online URL that provides a direct sign-in to the Microsoft SharePoint service; for example, https://anyorganization.sharepoint.com
    • User name: Specify the user name (in the form of an email address) that you use to log in to your Microsoft SharePoint instance.
    • Password: Specify the password that you use to log in to Microsoft SharePoint.
    • Site collection path: (optional) Specify the site collection URL in Microsoft SharePoint relative to the SharePoint URL; for example, /TeamSite or /sites/mysitecollection.
    Figure 1. Example of completed fields for connecting from App Connect

  2. Click Connect.

SharePoint Online: Provide credentials for App Connect to use (BASIC OAUTH)

Use this option to authorize App Connect by providing App Connect with the consumer key and secret that were generated when you create a connected app for App Connect in your SharePoint Online instance.

  1. Complete the connection fields that you see in the App Connect Designer Connect > Applications and APIs page (previously the Catalog page) or flow editor. If necessary, work with your Microsoft SharePoint administrator to obtain these values.
    • SharePoint online URL: Specify the SharePoint Online URL that provides a direct sign-in to the Microsoft SharePoint service; for example, https://anyorganization.sharepoint.com
    • OAuth access token: Specify the access token generated from the Application client ID and Application client secret.
      Tip: An access token can be requested by sending a POST request to the Microsoft identity platform endpoint. It is typically generated by using an authorization code, the client ID, client secret, scope, and grant type values for an app that was registered in the Microsoft Azure app registration portal.
    • OAuth refresh token: Specify the refresh token generated from the Application client ID and Application client secret.
      Tip: A refresh token is returned for the POST request to the Microsoft identity platform endpoint.
    • Application client ID: Specify the consumer key that App Connect uses to identify itself to Microsoft SharePoint. This key is generated when you create a Microsoft app for App Connect in your SharePoint Online instance.
      Tip: The application (client) ID value is generated for an app that was registered in the Microsoft Azure app registration portal. The value is displayed on the Overview page for the registered app.
    • Application client secret: Specify the consumer secret that identifies App Connect as the owner of the consumer key. This secret is generated when you create a Microsoft app for App Connect in your SharePoint Online instance.
      Tip: The client secret is generated for an app that was registered in the Microsoft Azure app registration portal. The secret is generated under 'Certificates & secrets' for the registered app.

    For information about getting values for the OAuth access token, refresh token, Client ID, and Client secret, see Getting values for Client ID, Client secret, and other BASIC OAUTH parameters.

    Figure 2. Example of completed fields for connecting from App Connect

  2. Click Connect.

SharePoint Software: Provide credentials for App Connect to use (BASIC)

Use this option to authorize App Connect with your Microsoft SharePoint on premises host and port, username, and password.

  1. Complete the connection fields that you see in the App Connect Designer Applications and APIs page or flow editor. If necessary, work with your Microsoft SharePoint administrator to obtain these values.
    • SharePoint on premises host and port: Specify the SharePoint on premises web application URL that provides a direct sign-in to the Microsoft SharePoint service; for example, https://mysharepointhost:8443
    • Site collection path: (optional) Specify the site collection URL in Microsoft SharePoint relative to the SharePoint URL; for example, /TeamSite or /sites/mysitecollection
    • Username: Specify the user name (in the form of an email address) that you use to log in to your Microsoft SharePoint instance.
    • Password: Specify the password that you use to log in to Microsoft SharePoint.
    • Private network connection: Select the name of a private network agent that App Connect uses to connect to your private network. This list is populated with the names of private network agents that are created on the Private networks page. For more information, see Connecting to a private network.
    Figure 3. Example of completed fields for connecting from App Connect

  2. Click Connect.

SharePoint Software: Provide credentials for App Connect to use (NTLM v1)

Use this option to authorize App Connect with your Microsoft SharePoint on premises host and port, username, password, domain and workstation.

  1. Complete the connection fields that you see in the App Connect Designer Applications and APIs page or flow editor. If necessary, work with your Microsoft SharePoint administrator to obtain these values.
    • SharePoint on premises host and port: Specify the SharePoint on premises web application URL that provides a direct sign-in to the Microsoft SharePoint service; for example, https://mysharepointhost:8443
    • Site collection path: (optional) Specify the site collection URL in Microsoft SharePoint relative to the SharePoint URL; for example, /TeamSite or /sites/mysitecollection
    • Username: Specify the user name (in the form of an email address) that you use to log in to your Microsoft SharePoint instance.
    • Password: Specify the password that you use to log in to Microsoft SharePoint.
    • Domain: The domain you use to log in to your on premises Microsoft SharePoint account.
    • Workstation: Workstation or server name where Microsoft SharePoint is installed.
    • Private network connection: Select the name of a private network agent that App Connect uses to connect to your private network. This list is populated with the names of private network agents that are created on the Private networks page. For more information, see Connecting to a private network.
  2. Click Connect.

Getting values for Client ID, Client secret, and other BASIC OAUTH parameters

  1. To obtain values for the Client ID and Client secret fields, you need to register a Microsoft app that will enable App Connect to integrate with SharePoint by using APIs and protocols. If you already have a Microsoft app that you would like to use, skip to the step below to locate the consumer key and consumer secret that were generated when you created the connected app.

    To create a Microsoft app and generate the Client ID and Client secret values, complete the steps described in the Microsoft article https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application.

    Important: When you add a new Client ID (on the Certificates & secrets page of the Azure Portal), record the secret's value for later use. This secret value is never displayed again after you leave that page.
    Assign the following Microsoft SharePoint-specific permissions to your app:
    Table 1. Microsoft app permissions
    | API | Permissions name | Type | Description | Admin consent required |
    |---|---|---|---|---|
    | Azure Active Directory Graph | User.Read | Delegated | Sign in and read user profile | - |
    | SharePoint | AllSites.FullControl | Delegated | Have full control of all site collections | Yes |
    | SharePoint | AllSites.Manage | Delegated | Read and write items and lists in all site collections | - |
    | SharePoint | AllSites.Read | Delegated | Read items in all site collections | - |
    | SharePoint | AllSites.Write | Delegated | Read and write items in all site collections | - |
    | SharePoint | Myfiles.Read | Delegated | Read user files | - |
    | SharePoint | Myfiles.Write | Delegated | Read and write user files | - |
    | SharePoint | Sites.FullControl.All | Application | Have full control of all site collections | Yes |

    When the Microsoft app has been registered successfully, you will have values for the Client ID and Client secret (client_id and client_secret).

  2. To locate the Client ID for an app that was registered at an earlier date, you can use the Azure portal:
    1. Sign in to the Azure portal, https://portal.azure.com/#home, with the credentials of an administrator.
      Note: If your account gives you access to more than one tenant, use the Directory + subscription filter to select the tenant in which you want to register an app for use with App Connect.
    2. In the Search field, enter app registrations, then select the App registrations option.
    3. On the App registrations page, select the registered app that you want to use for App Connect.
      • The Client ID is displayed on the Overview page.
  3. To obtain the OAuth access token and OAuth refresh token values, you need to obtain an authorization code value (code) and then submit a POST action with the code, client_id, and client_secret values.
    1. To obtain the code value, open the following URL in a web browser (after substituting the client_id, redirect_uri, and resource_sharepoint_tenantUrl values):
      https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=client_id&redirect_uri=redirect_uri&resource=resource_sharepoint_tenantUrl&state=234567891&scope=AllSites.FullControl AllSites.Manage AllSites.Read AllSites.Write FastSearch.QuerySP full_access_as_user MyFiles.Read MyFiles.Write UserProfile.Read
      • redirect_uri: The redirect URI where you want the response to be sent for your app to handle, specified when registering your app.
      • resource_sharepoint_tenantUrl: Your Microsoft SharePoint tenant URL; for example: https://anyorganization.sharepoint.com
    2. Submit a POST action to obtain the OAuth access token and OAuth refresh token values; for example, using curl or Postman.
      • Submit the POST action to the URL https://login.windows.net/common/oauth2/token
      • Submit the body as x-www-form-urlencoded, with the following parameters:
        grant_type: authorization_code
        code: code
        client_id: client_id
        client_secret: client_secret
        scope: AllSites.FullControl AllSites.Manage AllSites.Read AllSites.Write FastSearch.QuerySP full_access_as_user MyFiles.Read MyFiles.Write UserProfile.Read
        redirect_uri: redirect_uri
A successful response looks like the following example:
{
    "access_token": "ya29.Il-9B2KbXhweZamxIsHe3_rjblkc7Xh_...",
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "AllSites.FullControl%20AllSites.Manage%20AllSites.Read%20AllSites.Write%20FastSearch.QuerySP%20full_access_as_user%20MyFiles.Read%20MyFiles.Write%20UserProfile.Read",
    "refresh_token": "1//04g2mKH5RhxUECgYIARAAGAQSNwF-L9IreLqEqk...",
    "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctOD..."
}
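
The two requests in step 3, built with Python's standard library as an added example (not IBM's or Microsoft's code). It URL-encodes the scope list, uses a random state value in place of the fixed 234567891 in the sample URL, and checks that value on the redirect before accepting the code. The function names and the sample client ID, redirect URI, code, and secret are constructed assumptions.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://login.windows.net/common/oauth2/authorize"
TOKEN_URL = "https://login.windows.net/common/oauth2/token"
SCOPE = ("AllSites.FullControl AllSites.Manage AllSites.Read AllSites.Write "
         "FastSearch.QuerySP full_access_as_user MyFiles.Read MyFiles.Write "
         "UserProfile.Read")

def build_authorize_url(client_id, redirect_uri, tenant_url):
    """Return (url, state). urlencode() escapes the spaces in the scope list."""
    state = secrets.token_urlsafe(16)  # fresh per request, unlike a fixed literal
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "resource": tenant_url,
        "state": state, "scope": SCOPE,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def extract_code(redirected_url, expected_state):
    """Read `code` from the redirect; reject errors and a mismatched state."""
    params = parse_qs(urlsplit(redirected_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("redirect carried no authorization code")
    return code

def build_token_body(code, client_id, client_secret, redirect_uri):
    """Form-encoded body for the POST to TOKEN_URL (x-www-form-urlencoded)."""
    return urlencode({
        "grant_type": "authorization_code", "code": code,
        "client_id": client_id, "client_secret": client_secret,
        "scope": SCOPE, "redirect_uri": redirect_uri,
    }).encode()

if __name__ == "__main__":
    # Constructed sample values; substitute your registered app's own.
    cid, redirect = "00000000-0000-0000-0000-000000000000", "https://localhost/callback"
    url, state = build_authorize_url(cid, redirect, "https://anyorganization.sharepoint.com")
    print("Open in a browser:", url)
    code = extract_code(f"{redirect}?code=SAMPLE_CODE&state={state}", state)
    body = build_token_body(code, cid, "SAMPLE_SECRET", redirect)
    print("POST", TOKEN_URL, "with", len(body), "form-encoded bytes (holds the secret; do not log)")
```

The token request body contains the client secret and the response contains the refresh token, so keep both out of shell history, proxy logs, and saved Postman collections.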

Result

You created an account in App Connect. For more information, see Managing accounts.

Tip:

Before you use the account that is created in App Connect in a flow, rename the account to something meaningful that helps you to identify it. To rename the account on the Applications and APIs page, select the account, open its options menu (⋮), then click Rename Account.