Register Service Principal with SharePoint API Permissions
To manage SharePoint, the EmpowerID SharePoint Online microservice requires a service principal application be registered in the SharePoint tenant with permissions to call the appropriate Graph and SharePoint API endpoints. Exact permissions needed are listed in the below table.
API / Permissions Name | Description |
|---|---|
Microsoft Graph | |
Sites.FullControl.All | Have full control of all site collections |
User.Read | Sign and read user profile |
User.ReadWrite.All | Read and write all users' full profiles |
SharePoint | |
Sites.FullControl.All | Have full control of all site collections |
User.Read.All | Read user profiles |
User.ReadWrite.All | Read and write user profiles |
Register the service principal and grant API permissions to it
Register the service principal in Azure AD.
After the service principal is registered, navigate to API permissions for the application.
Add the application permissions specified in the above table.
When completed, your application permissions should look like those show in the below image.Â
Grant admin consent for the application.
Next Steps
Create an app service for the SharePoint Online Microservice
Provision a Cosmos DB Account for SharePoint Online