You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.


Register Service Principal Applications for the SharePoint Online Microservice


As part of deploying the SharePoint Online microservice, two service principal applications must be registered in Azure AD. The first provides Azure AD authentication for the app service that hosts the microservice. The second is granted the Microsoft Graph and SharePoint API permissions the microservice needs to manage SharePoint; the permissions required for that second service principal are listed in the table below.

API / Permissions Name         Description
Microsoft Graph
  Sites.FullControl.All        Have full control of all site collections
  User.Read                    Sign in and read user profile
  User.ReadWrite.All           Read and write all users' full profiles
SharePoint
  Sites.FullControl.All        Have full control of all site collections
  User.Read.All                Read user profiles
  User.ReadWrite.All           Read and write user profiles

Register a service principal for app service auth

  1. In Azure, navigate to your Azure Active Directory.

  2. On the Azure Active Directory navbar, click App registrations.

  3. On the App registrations page, click New registration.

  4. Name the application, select the scope (single or multitenant) and click Register.

  5. Once the application is registered, copy the Application (client) ID and Directory (tenant) ID from the Overview page. These values are used later.

  6. Navigate to the Certificates & secrets blade for the application and upload the base-64 encoded (public) certificate you use to secure HTTP traffic between EmpowerID and the microservice. Upload only the public certificate; the corresponding private key must be present in the EmpowerID certificate store, otherwise calls to Azure's API fail with an error.

  7. Add a client secret.

  8. Copy the secret value as soon as it is created; Azure displays it only once, and a secret whose value was not captured must be deleted and re-created. You add this value to the key vault you create later.

Register a service principal for SharePoint API calls

  1. Register a second service principal in Azure AD, following steps 1 through 5 above.

  2. After the service principal is registered, navigate to API permissions for the application, click Add a permission and add the Microsoft Graph and SharePoint permissions listed in the table above as application permissions. (Microsoft Graph offers User.Read only as a delegated permission, so it is added under Delegated permissions.)
     When completed, the API permissions page for the application should list every permission in the table. (Screenshot not reproduced in this version.)

  3. Click Grant admin consent for your tenant. Application permissions do not take effect until an administrator has consented to them, and the microservice cannot call Graph or SharePoint until that consent is granted.
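The two portal procedures above can also be scripted. The following is an added example using the Microsoft Graph PowerShell SDK; it is not part of the EmpowerID guide or product. The display names, the certificate path, the secret lifetime and the single-tenant sign-in audience are assumptions. Permission IDs are looked up from each resource's service principal rather than hard-coded, and Graph User.Read (which exists only as a delegated scope) is added as a scope while everything else is added as an application role and consented to via app role assignments.

```powershell
# Added example, not from the EmpowerID admin guide. Requires:
#   Install-Module Microsoft.Graph -Scope CurrentUser
# Run as a Global Administrator or Application Administrator.
Connect-MgGraph -Scopes "Application.ReadWrite.All", "AppRoleAssignment.ReadWrite.All"

# --- 1. Service principal for app service authentication ---------------------
# Display name and audience are assumptions; use AzureADMultipleOrgs for multitenant.
$authApp = New-MgApplication -DisplayName "EmpowerID-SPO-Microservice-Auth" -SignInAudience "AzureADMyOrg"
New-MgServicePrincipal -AppId $authApp.AppId | Out-Null

# Upload only the public certificate; the private key stays in the EmpowerID store.
# The .cer path is an assumption.
$cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new("C:\certs\empowerid-spo.cer")
Update-MgApplication -ApplicationId $authApp.Id -KeyCredentials @(
    @{ Type = "AsymmetricX509Cert"; Usage = "Verify"; Key = $cer.GetRawCertData(); DisplayName = "EmpowerID HTTPS cert" }
)

# The secret value is returned exactly once; capture it now for the key vault.
$secret = Add-MgApplicationPassword -ApplicationId $authApp.Id -PasswordCredential @{
    DisplayName = "Key vault secret"; EndDateTime = (Get-Date).AddMonths(12)   # lifetime is an assumption
}
Write-Host "Auth app: ClientId=$($authApp.AppId) TenantId=$((Get-MgContext).TenantId)"
Write-Host "Client secret (store in key vault, shown only once): $($secret.SecretText)"

# --- 2. Service principal for SharePoint API calls ---------------------------
$apiApp = New-MgApplication -DisplayName "EmpowerID-SPO-Microservice-API" -SignInAudience "AzureADMyOrg"
$apiSp  = New-MgServicePrincipal -AppId $apiApp.AppId

# Permissions from the table, keyed by the well-known first-party resource app IDs.
$required = [ordered]@{
    "00000003-0000-0000-c000-000000000000" = @("Sites.FullControl.All", "User.Read", "User.ReadWrite.All")      # Microsoft Graph
    "00000003-0000-0ff1-ce00-000000000000" = @("Sites.FullControl.All", "User.Read.All", "User.ReadWrite.All")  # SharePoint Online
}

$resourceAccess = @()
$roleGrants     = @()
foreach ($resourceAppId in $required.Keys) {
    $resourceSp = Get-MgServicePrincipal -Filter "appId eq '$resourceAppId'"
    if (-not $resourceSp) { throw "Resource service principal $resourceAppId not found in this tenant" }
    $access = foreach ($name in $required[$resourceAppId]) {
        # Prefer the application permission (AppRole); fall back to the delegated scope,
        # which is the only form Microsoft Graph offers for User.Read.
        $role = $resourceSp.AppRoles | Where-Object Value -eq $name
        if ($role) {
            $roleGrants += @{ ResourceId = $resourceSp.Id; AppRoleId = $role.Id }
            @{ Id = $role.Id; Type = "Role" }
        } else {
            $scope = $resourceSp.Oauth2PermissionScopes | Where-Object Value -eq $name
            if (-not $scope) { throw "Permission '$name' not found on $($resourceSp.DisplayName)" }
            @{ Id = $scope.Id; Type = "Scope" }
        }
    }
    $resourceAccess += @{ ResourceAppId = $resourceAppId; ResourceAccess = @($access) }
}
Update-MgApplication -ApplicationId $apiApp.Id -RequiredResourceAccess $resourceAccess

# Admin consent for application permissions is an app role assignment from the
# resource to our service principal. Delegated scopes (User.Read) still need
# "Grant admin consent" in the portal or an oauth2PermissionGrant.
foreach ($g in $roleGrants) {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $apiSp.Id -PrincipalId $apiSp.Id `
        -ResourceId $g.ResourceId -AppRoleId $g.AppRoleId | Out-Null
}
Write-Host "API app: ClientId=$($apiApp.AppId) ServicePrincipalId=$($apiSp.Id)"
```

Looking permissions up by their Value on the resource service principal avoids pasting permission GUIDs from memory, and the explicit throw when a permission is not found means a typo in the table surfaces before consent rather than as a 403 from the microservice later. Review the resulting API permissions blade in the portal before publishing the microservice.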


Next steps

Create an app service for the SharePoint Online Microservice

Create a key vault

Provision a Cosmos DB Account for SharePoint Online

Add application settings to the app service

Publish the SharePoint Online Microservice
