The SharePoint Online microservice requires a key vault with a certificate for certificate-based authentication between the microservice and the service principal registered for it. Additionally, the key vault needs to configured with an access policy that grants key, secret and certificate permissions to assigned applications. These permissions will be granted to the SharePoint Online app service hosting the microservice.
Create the key vault and certificate
In Azure, create a key vault.
Navigate to the Certificate page for the key vault and generate a self-signed certificate for it.
Download the certificate in CER format. You will add this to the service principal you created for with the Graph and SharePoint Online microserviceAPI permissions.
Add access policy to the key vault
Navigate to the Access policies blade for the key vault and add an access policy to it with the below Key, Secret and Certificate permissions.
Key Permissions
Get
Decrypt
Unwrap Key
Verify
Secret Permissions
Get
List
Set
Delete
Purge
Certificate Permissions
Get
Select the SharePoint Online app service you created earlier as the service principal.
Add a secret to the key vault
Navigate to the Secrets blade for the access policy and select Generate/Import.
Set the Name to SPOAppServiceAuthSecret and the Value to the value of the secret you created for the microservice service principal.
| Tip |
|---|
Before leaving the key vault, navigate to the Overview blade and copy the Vault URI. You will need this when configuring the Cosmos DB. |
Upload the certificate to the service principal
Navigate to the Certificates & Secrets blade for the service principal you registered for created with the Graph and SharePoint Online microserviceAPI permissions.
Upload the certificate you downloaded from the key vault.
| Insert excerpt | ||||||
|---|---|---|---|---|---|---|
| ||||||
| Insert excerpt | IL:External Stylesheet | IL:External Stylesheet | nopanel | true
Next steps
| Div | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
IN THIS ARTICLE
|