2.2.1 Registering the Client Application

Registering a client application (here, the SharePoint Online connector) with the target system is performed before you create an application instance, so that the connector can access the SharePoint Online APIs. Registration also generates the client ID and client secret that the connector uses to authenticate to the target system, and sets the permissions that the client application is granted.

Pre-provisioning involves performing the following tasks on the Azure AD target system:

  1. Register your client application with Azure AD to provide secure sign-in and authorization for your services. You can register your client application by creating an application registration in Azure AD.
  2. Generate the client ID and client secret values for your client application. Record these values, as they are required when you configure the IT resource parameters. Treat the client secret as a credential and store it only where the connector configuration needs it.
  3. Specify the permissions that the client application requires to access the target system. To do so:
    1. Assign the Read and write domains and Read and write directory data application permissions that the client application requires.
    2. Assign the following delegated permissions that the client application requires:
      • Read and write directory data
      • Read and write all groups
      • Read all groups
      • Access the directory as the signed-in user
      • Read directory data
      • Read all users' full profiles
      • Read all users' basic profiles
      • Sign in and read user profile
    3. Add the client application to the Company Administrator and User Account Administrator Azure AD administrative roles. For detailed instructions, refer to the following Microsoft support article: https://support.microsoft.com/en-in/kb/3004133

      These role memberships give the client application the permissions it needs to perform the Change Password, Delete User, and group membership operations.

Pre-provisioning involves performing the following tasks on the SharePoint Online target system:

Note:

For registering the add-in and granting it access, use the SharePoint app-only model (the Add-In registration described in the following steps). Refer to the link: Microsoft Link.
  1. Log in to the following URL with an account that has the global administrator role, and generate the Client Id and Client Secret: https://<sitename>.sharepoint.com/_layouts/15/appregnew.aspx
    Enter the following field values:
    Title: Add-In
    App Domain: localhost
    Redirect URI: https://localhost
  2. Click Create. This registers the Add-In and returns a success page showing the generated Client Id and Client Secret. Record the Client Secret now, because it is not displayed again, and note that secrets generated on this page expire one year after creation. Next, grant the Add-In permission to access the SharePoint data.

    Note:

    Grant the Full Control permission level at the tenant scope so that the add-in can read, write, and manage the site collection information.
  3. In the browser, open the following URL, which takes you to the Grant permission page of the tenant administration site: https://<sitename>-admin.sharepoint.com/_layouts/15/appinv.aspx
    Tenant-scoped permissions can only be granted from the tenant administration site, which is why this URL uses the -admin host.
  4. Enter the Client Id generated in Step 1 in the App Id box and click Lookup. This populates the Title, App Domain, and Redirect URI boxes with the values from the registration.
  5. Enter the following permission request in XML format:

      <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
      </AppPermissionRequests>

    For the full list of permission scope URIs, refer to the link.

  6. Click Create. On the page that appears, click Trust It to grant the requested permissions to the add-in.
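The following Python script is an added example and is not part of the connector documentation or of Oracle's or Microsoft's own code. It shows the two things a practitioner wants to check after completing the registration above: that the permission request XML really grants FullControl at tenant scope with the app-only policy enabled, and that the Client Id and Client Secret can be exchanged for an app-only access token. It assumes (the page does not say so) that the add-in uses the legacy Azure ACS app-only flow, whose token endpoint is https://accounts.accesscontrol.windows.net/<realm>/tokens/OAuth/2 and whose SharePoint resource principal ID is 00000003-0000-0ff1-ce00-000000000000. All header, response, and credential values in the script are constructed samples.

```python
"""Added example (not from the connector documentation): build and check the
artifacts from the add-in registration above, and construct the app-only
token exchange that proves the registration works.

Assumptions not stated on the page: the add-in is authenticated through the
legacy Azure ACS app-only flow, whose token endpoint is
https://accounts.accesscontrol.windows.net/<realm>/tokens/OAuth/2 and whose
SharePoint resource principal ID is 00000003-0000-0ff1-ce00-000000000000.
All header, response and credential values below are constructed samples."""
from __future__ import annotations

import json
import xml.etree.ElementTree as ET

SHAREPOINT_PRINCIPAL = "00000003-0000-0ff1-ce00-000000000000"
ACS_TOKEN_URL = "https://accounts.accesscontrol.windows.net/{realm}/tokens/OAuth/2"
VALID_RIGHTS = ("Read", "Write", "Manage", "FullControl")
TENANT_SCOPE = "http://sharepoint/content/tenant"


def build_permission_request(scope: str, right: str, allow_app_only: bool = True) -> str:
    """Return the AppPermissionRequests XML that is pasted into appinv.aspx,
    refusing rights and scopes that SharePoint would not accept."""
    if right not in VALID_RIGHTS:
        raise ValueError(f"unknown right {right!r}; expected one of {VALID_RIGHTS}")
    if not scope.startswith("http://sharepoint/"):
        raise ValueError(f"not a SharePoint permission scope URI: {scope!r}")
    root = ET.Element("AppPermissionRequests",
                      AllowAppOnlyPolicy="true" if allow_app_only else "false")
    ET.SubElement(root, "AppPermissionRequest", Scope=scope, Right=right)
    return ET.tostring(root, encoding="unicode")


def check_permission_request(xml_text: str) -> dict:
    """Parse a permission request and report whether it grants what the
    connector needs: FullControl at tenant scope under the app-only policy."""
    root = ET.fromstring(xml_text)
    app_only = root.get("AllowAppOnlyPolicy", "false").lower() == "true"
    grants = [(e.get("Scope"), e.get("Right")) for e in root.findall("AppPermissionRequest")]
    return {
        "app_only": app_only,
        "grants": grants,
        "tenant_full_control": app_only and (TENANT_SCOPE, "FullControl") in grants,
    }


def parse_realm(www_authenticate: str) -> str:
    """Extract the tenant realm (tenant ID) from the WWW-Authenticate header that
    SharePoint returns to an unauthenticated GET of /_vti_bin/client.svc/ sent
    with an empty 'Authorization: Bearer' header."""
    for part in www_authenticate.split(","):
        key, _, value = part.strip().partition("=")
        if key.lower().endswith("realm"):
            return value.strip().strip('"')
    raise ValueError("realm not found in WWW-Authenticate header")


def build_token_request(client_id: str, client_secret: str, realm: str, site_host: str):
    """Build the client-credentials POST that exchanges the add-in's Client Id
    and Client Secret for an app-only access token. Both client_id and resource
    must carry the '@<realm>' suffix, which is the detail most often got wrong."""
    form = {
        "grant_type": "client_credentials",
        "client_id": f"{client_id}@{realm}",
        "client_secret": client_secret,
        "resource": f"{SHAREPOINT_PRINCIPAL}/{site_host}@{realm}",
    }
    return ACS_TOKEN_URL.format(realm=realm), form


def parse_token_response(body: str) -> dict:
    """Extract the bearer token and lifetime from the ACS JSON response, or raise
    with ACS's own error text (invalid_client usually means a wrong or expired secret)."""
    data = json.loads(body)
    if "access_token" not in data:
        raise RuntimeError(data.get("error_description", "token request failed"))
    return {"token": data["access_token"], "expires_in": int(data["expires_in"])}


if __name__ == "__main__":
    # Constructed sample values; replace with the Client Id / Secret from appregnew.aspx.
    sample_header = ('Bearer realm="11111111-2222-3333-4444-555555555555",'
                     'client_id="00000003-0000-0ff1-ce00-000000000000",'
                     'trusted_issuers="00000001-0000-0000-c000-000000000000@*"')
    realm = parse_realm(sample_header)
    url, form = build_token_request("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                                    "<client secret>", realm, "contoso.sharepoint.com")
    print("POST", url)
    # Never log the secret itself; print the rest of the form for inspection.
    print({k: v for k, v in form.items() if k != "client_secret"})
    print(check_permission_request(build_permission_request(TENANT_SCOPE, "FullControl")))
```

To run the real exchange, POST the returned form URL-encoded to the returned URL, then send the token as "Authorization: Bearer <token>" to https://<sitename>.sharepoint.com/_api/web; an HTTP 200 confirms that the Trust It step took effect, while a 401 with an invalid_client error from the token endpoint almost always means a mistyped or expired Client Secret. Keep in mind that Microsoft has announced the retirement of the Azure ACS app-only model that appregnew.aspx and appinv.aspx rely on, so confirm it is still available in your tenant before building on it.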