Versions Compared

Old Version 7

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To manage SharePoint, the EmpowerID SharePoint Online (SPO) microservice requires a service principal application be registered in the SharePoint tenant to provide Azure AD authentication to the app service that hosts the

...

API / Permissions Name

...

Description

...

Microsoft Graph

...

Sites.FullControl.All

...

Have full control of all site collections

...

User.Read

...

Sign and read user profile

...

User.ReadWrite.All

...

Read and write all users' full profiles

...

SharePoint

...

Sites.FullControl.All

...

Have full control of all site collections

...

User.Read.All

...

Read user profiles

...

User.ReadWrite.All

...

Read and write user profiles

SPO microservice.

Register a service principal for app service auth

  1. In Azure, navigate to your Azure Active Directory.

  2. On the Azure Active Directory navbar, click App registrations.

  3. On the App registrations page, click New registration.

    Image Modified

  4. Name the application, select the scope (single or multitenant) and click Register.

  5. Once the application is registered, copy the Application (client) ID and Directory (tenant) ID from the Overview page. These values are used later.

  6. Navigate to the Certificates & secrets blade for the application and upload the base-64 encoded certificate you are using to secure HTTP traffic between EmpowerID and the microservice. The public key certificate that you upload to Azure must have a corresponding private key in the EmpowerID certificate store; otherwise, an error will occur when calling Azure’s API.

  7. Add a client secret

...

...

  1. and copy the value. You add this value to the

...

Register a service principal for SharePoint API calls

  1. Register a second service principal in Azure AD.

  2. After the service principal is registered, navigate to API permissions for the application, click Add a permission and then add the application permissions specified in the above table.
    When completed, your application permissions should look like those show in the below image.

    Image Removed

  3. Grant admin consent for the application.

...

  1. Key Vault in your EmpowerID tenant.

    Image Added

...

Next steps

Register Service Principal with SharePoint API Permissions

Create an app service for the SharePoint Online Microservice

Create a key vault

Provision a Cosmos DB Account for SharePoint Online

Create a Function app to Update User Profiles

Add application settings to the app service

Add Secret to Key Vault in EmpowerID Tenant

Publish the SharePoint Online Microservice

...

stylefloat: left; position: fixed;padding: 5px;

IN THIS ARTICLE

...

Configuration of SharePoint Online Inventory - Not Applicable if using EmpowerID SaaS