Register Service Principal with SharePoint API Permissions

To manage SharePoint, the EmpowerID SharePoint Online microservice requires that a service principal application be registered in the SharePoint tenant with permissions to call the appropriate Microsoft Graph and SharePoint API endpoints. The exact permissions needed are listed in the table below.

API / Permissions Name              Description

Microsoft Graph
  Sites.FullControl.All             Have full control of all site collections
  User.Read                         Sign in and read user profile
  User.ReadWrite.All                Read and write all users' full profiles

SharePoint
  Sites.FullControl.All             Have full control of all site collections
  User.Read.All                     Read user profiles
  User.ReadWrite.All                Read and write user profiles

Register the service principal and grant API permissions to it

  1. Register the service principal in Azure AD.

  2. After the service principal is registered, navigate to API permissions for the application.

  3. Add the application permissions specified in the table above.
    When completed, your application permissions should look like those shown in the image below.

  4. Grant admin consent for the application.
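Once the registration exists, it is worth verifying from the command line that the service principal holds exactly the permissions in the table and nothing broader, since any extra permission widens the impact of a leaked client secret or certificate. The script below is an added example and is not part of EmpowerID's product or documentation. It assumes the app registration's `requiredResourceAccess` has been exported with `az ad app show --id <appId> --query requiredResourceAccess`, and that the Microsoft Graph and SharePoint Online service principals have been exported with `az ad sp show --id <resourceAppId>` so permission GUIDs can be resolved to names. The two resource application IDs are Microsoft's fixed first-party values; every other GUID and the manifest fragment are constructed sample data with placeholder IDs.

```python
"""Audit an Azure AD app registration's API permissions against the table on this page.

Shapes follow the Microsoft Graph 'application' and 'servicePrincipal' resources:
requiredResourceAccess holds (resourceAppId, [{id, type}]) pairs; each resource's
service principal exposes appRoles (type "Role", application permissions) and
oauth2PermissionScopes (type "Scope", delegated permissions).
"""

# Well-known first-party resource application IDs; identical in every tenant.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
SHAREPOINT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"

# The permission set required by the table above, keyed by resource API.
REQUIRED = {
    GRAPH_APP_ID: {"Sites.FullControl.All", "User.Read", "User.ReadWrite.All"},
    SHAREPOINT_APP_ID: {"Sites.FullControl.All", "User.Read.All", "User.ReadWrite.All"},
}


def build_catalog(resource_sps):
    """Map resourceAppId -> {permission id -> (name, type)} from service principal objects."""
    catalog = {}
    for sp in resource_sps:
        entries = {r["id"]: (r["value"], "Role") for r in sp.get("appRoles", [])}
        entries.update({s["id"]: (s["value"], "Scope") for s in sp.get("oauth2PermissionScopes", [])})
        catalog[sp["appId"]] = entries
    return catalog


def audit(required_resource_access, catalog, required=REQUIRED):
    """Return {resourceAppId: {"missing", "unexpected", "unresolved"}} as sets of names/ids.

    "unexpected" matters as much as "missing": each permission beyond the table
    enlarges what an attacker holding the service principal's credential can do.
    """
    granted = {app_id: set() for app_id in required}
    unresolved = {app_id: set() for app_id in required}
    for entry in required_resource_access:
        app_id = entry["resourceAppId"]
        granted.setdefault(app_id, set())
        unresolved.setdefault(app_id, set())
        names = catalog.get(app_id, {})
        for access in entry["resourceAccess"]:
            if access["id"] in names:
                granted[app_id].add(names[access["id"]][0])
            else:
                unresolved[app_id].add(access["id"])  # GUID not known for this resource
    return {
        app_id: {
            "missing": required.get(app_id, set()) - granted[app_id],
            "unexpected": granted[app_id] - required.get(app_id, set()),
            "unresolved": unresolved[app_id],
        }
        for app_id in granted
    }


def az_commands_for_missing(app_id_or_object_id, report, catalog):
    """Emit az CLI calls that add the missing permissions, then request admin consent.

    The <id>=Role / <id>=Scope form is taken from the catalog, so no GUID is typed by hand.
    """
    cmds = []
    for resource_id, result in report.items():
        by_name = {name: (pid, kind) for pid, (name, kind) in catalog.get(resource_id, {}).items()}
        for name in sorted(result["missing"]):
            if name in by_name:
                pid, kind = by_name[name]
                cmds.append(f"az ad app permission add --id {app_id_or_object_id} "
                            f"--api {resource_id} --api-permissions {pid}={kind}")
    if cmds:
        cmds.append(f"az ad app permission admin-consent --id {app_id_or_object_id}")
    return cmds


# --- Constructed sample data: placeholder GUIDs, not real permission IDs ---
SAMPLE_RESOURCE_SPS = [
    {"appId": GRAPH_APP_ID,
     "appRoles": [{"id": "00000000-0000-0000-0000-0000000000a1", "value": "Sites.FullControl.All"},
                  {"id": "00000000-0000-0000-0000-0000000000a2", "value": "User.ReadWrite.All"},
                  {"id": "00000000-0000-0000-0000-0000000000a3", "value": "Directory.ReadWrite.All"}],
     "oauth2PermissionScopes": [{"id": "00000000-0000-0000-0000-0000000000a4", "value": "User.Read"}]},
    {"appId": SHAREPOINT_APP_ID,
     "appRoles": [{"id": "00000000-0000-0000-0000-0000000000b1", "value": "Sites.FullControl.All"},
                  {"id": "00000000-0000-0000-0000-0000000000b2", "value": "User.Read.All"},
                  {"id": "00000000-0000-0000-0000-0000000000b3", "value": "User.ReadWrite.All"}],
     "oauth2PermissionScopes": []},
]

# Constructed manifest fragment: SharePoint is complete; Graph lacks User.Read and
# carries an over-broad Directory.ReadWrite.All that the table does not call for.
SAMPLE_REQUIRED_RESOURCE_ACCESS = [
    {"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": "00000000-0000-0000-0000-0000000000a1", "type": "Role"},
        {"id": "00000000-0000-0000-0000-0000000000a2", "type": "Role"},
        {"id": "00000000-0000-0000-0000-0000000000a3", "type": "Role"}]},
    {"resourceAppId": SHAREPOINT_APP_ID, "resourceAccess": [
        {"id": "00000000-0000-0000-0000-0000000000b1", "type": "Role"},
        {"id": "00000000-0000-0000-0000-0000000000b2", "type": "Role"},
        {"id": "00000000-0000-0000-0000-0000000000b3", "type": "Role"}]},
]

if __name__ == "__main__":
    catalog = build_catalog(SAMPLE_RESOURCE_SPS)
    report = audit(SAMPLE_REQUIRED_RESOURCE_ACCESS, catalog)
    for resource_id, result in report.items():
        print(resource_id, result)
    for cmd in az_commands_for_missing("<app-object-id>", report, catalog):
        print(cmd)
```

Run against real exports by replacing the two sample structures with the `az` output; an empty `missing` and `unexpected` set for both resource IDs means the registration matches the table, and any `unresolved` GUID points at a permission granted against a resource whose service principal was not exported.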


Next Steps

Create an app service for the SharePoint Online Microservice

Create a key vault

Provision a Cosmos DB Account for SharePoint Online

Add application settings to the app service

Publish the SharePoint Online Microservice