OneConnect supports multiple authentication options to connect to SharePoint Online.
URL + User Account
To authenticate to SharePoint, you can enter the URL of the SharePoint site and the username and password of a user account that has access to that SharePoint site.
The user account cannot have Multi-Factor Authentication (MFA) associated with it.
It is recommended to use a dedicated user account to access the SharePoint site. Best practice is one user account per integration, to avoid data throttling by Microsoft and potential strategy failures.
Pros of using an account to connect:
- Quick to set up.
- Security can be set up to use
Cons of using an account to connect:
- The account cannot have Multi-Factor Authentication (MFA).
- A username and password must be configured in OneConnect.
- This method does not use "Modern" Authentication.
URL + Service Principal
Service principal based authentication with SharePoint Online is an alternative to using just a user account.
To authenticate to SharePoint Online, users can enter the URL of the SharePoint Online site and set up a service principal.
Pros of Service Principal:
- More secure than using a user account
Cons of Service Principal:
- More involved process to set up (requires a Microsoft tenant administrator to approve permissions).
Creating a Service Principal
Connecting to any SharePoint or Tabular Data integration using a Service Principal can only be done through the Entra application that OnePlan creates via the integration's Authorize button.
Authorize Button
Within the SharePoint or Tabular Data connector, expand the Advanced Options section and click the blue Authorize button. A new window will appear requesting permissions to be granted on behalf of your organization. Click Accept and enter the tenant administrator credentials.
In Entra, a security principal will be created (in the enterprise applications section) with the name OneConnect SharePoint Authentication.
The permissions that are granted are:
- Microsoft Graph - User.Read
- Office 365 SharePoint Online - Sites.FullControl.All
NOTE: This approach grants the service principal full control of all SharePoint sites.
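To check during a tenant review that the consent matches the two permissions listed above, this added example (not OnePlan's code) compares a service principal's grants against the documented set and flags anything extra or tenant-wide. It assumes you have exported the principal's records in the shape of Microsoft Graph's appRoleAssignments and oauth2PermissionGrants results; the IDs and the application/delegated split in the sample are constructed.

```python
# Added example: audit a service principal's grants against the documented set.
DOCUMENTED = {
    ("Microsoft Graph", "User.Read"),
    ("Office 365 SharePoint Online", "Sites.FullControl.All"),
}

def granted_permissions(app_role_assignments, oauth2_grants, resources):
    """Resolve Graph-shaped grant records to (resource, permission, kind) tuples."""
    found = set()
    for a in app_role_assignments:  # application permissions (app roles)
        res = resources[a["resourceId"]]
        names = {r["id"]: r["value"] for r in res.get("appRoles", [])}
        # Fall back to the raw role id if the resource does not list it.
        perm = names.get(a["appRoleId"], a["appRoleId"])
        found.add((res["displayName"], perm, "application"))
    for g in oauth2_grants:  # delegated permissions (space-separated scopes)
        res = resources[g["resourceId"]]
        for scope in g.get("scope", "").split():
            found.add((res["displayName"], scope, "delegated"))
    return found

def review(found):
    """Compare resolved grants with the permissions this page documents."""
    names = {(res, perm) for res, perm, _ in found}
    return {
        "unexpected": sorted(names - DOCUMENTED),
        "missing": sorted(DOCUMENTED - names),
        # Per the NOTE above, Sites.FullControl.All covers all SharePoint
        # sites; surface every ".All" grant so it is reviewed explicitly.
        "tenant_wide": sorted(p for p in found if p[1].endswith(".All")),
    }

# Constructed sample data; IDs are placeholders, not real tenant values.
RESOURCES = {
    "res-graph": {"displayName": "Microsoft Graph", "appRoles": []},
    "res-spo": {"displayName": "Office 365 SharePoint Online",
                "appRoles": [{"id": "role-1", "value": "Sites.FullControl.All"}]},
}
APP_ROLE_ASSIGNMENTS = [{"resourceId": "res-spo", "appRoleId": "role-1"}]
OAUTH2_GRANTS = [{"resourceId": "res-graph", "consentType": "AllPrincipals",
                  "scope": "User.Read"}]

if __name__ == "__main__":
    found = granted_permissions(APP_ROLE_ASSIGNMENTS, OAUTH2_GRANTS, RESOURCES)
    for key, items in review(found).items():
        print(key, items)
```

A non-empty `unexpected` list means the enterprise application holds more than this page documents and the consent should be re-examined.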