SharePoint Online - Authentication Methods


OneConnect supports multiple authentication options to connect to SharePoint Online.

 

URL + User Account

To authenticate to SharePoint, you can enter the URL of the SharePoint site and a username and password for a user account that has access to that SharePoint site.

The user account cannot have Multi-Factor Authentication (MFA) associated with it.

It is recommended to use a dedicated user account to access the SharePoint site. Best practice dictates one user account per integration to avoid data throttling and potential strategy failures by Microsoft. 

 

Pros of using an account to connect:

  • Quick to set up.
  • Security can be setup to use  

Cons of using an account to connect:

  • The account cannot have Multi-Factor Authentication (MFA).
  • A username and password must be configured in OneConnect. 
  • This method does not use "Modern" Authentication. 

URL + Service Principal

Service principal based authentication with SharePoint Online is an alternative to using just a user account. 

To authenticate to SharePoint Online, users can enter the URL of the SharePoint Online site and set up a service principal.

Pros of Service Principal:

  • More secure than using a user account

Cons of Service Principal:

  • More involved process to set up (requires a Microsoft tenant administrator to approve permissions).

Creating a Service Principal

Connecting to any SharePoint or Tabular Data integration using a Service Principal can only be done through the Entra application that OnePlan creates via the integration's Authorize button.

Authorize Button

Within the SharePoint or Tabular Data connector, expand the Advanced Options section and click the blue Authorize button. A new window will appear requesting permissions to be granted on behalf of your organization. Click Accept and enter the tenant administrator credentials.

In Entra, a security principal will be created (in the enterprise applications section) with the name OneConnect SharePoint Authentication.

The permissions that are granted are:

  • Microsoft Graph - User.Read
  • Office 365 SharePoint Online - Sites.FullControl.All

NOTE: This approach grants the service principal full control of all SharePoint sites.
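The following is an added example, not OnePlan's code: a review of what the OneConnect SharePoint Authentication service principal actually holds, compared with the two permissions listed above. It assumes the service principal's app role assignments and OAuth2 permission grants have been exported from Microsoft Graph; the sample data, its ids, the extra Mail.Read grant and the choice to show Sites.FullControl.All as an application permission are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph objects; every id is a placeholder.
# Assumptions: Sites.FullControl.All is shown as an application permission, and
# Mail.Read is a constructed extra grant so the drift check has something to find.
SAMPLE = json.loads("""{
 "servicePrincipal": {"id": "sp-oneconnect",
                      "displayName": "OneConnect SharePoint Authentication"},
 "resources": {
  "sp-graph": {"displayName": "Microsoft Graph", "appRoles": []},
  "sp-spo": {"displayName": "Office 365 SharePoint Online",
             "appRoles": [{"id": "role-0001", "value": "Sites.FullControl.All"}]}},
 "appRoleAssignments": [
  {"principalId": "sp-oneconnect", "resourceId": "sp-spo", "appRoleId": "role-0001"}],
 "oauth2PermissionGrants": [
  {"clientId": "sp-oneconnect", "resourceId": "sp-graph",
   "consentType": "AllPrincipals", "scope": "User.Read Mail.Read"}]}""")

# The two permissions the article says the Authorize button grants.
DOCUMENTED = {("Microsoft Graph", "User.Read"),
              ("Office 365 SharePoint Online", "Sites.FullControl.All")}

def granted_permissions(data):
    """Return a set of (resource, permission, kind) held by the service principal."""
    sp_id, resources, found = data["servicePrincipal"]["id"], data["resources"], set()
    for a in data["appRoleAssignments"]:          # application permissions
        if a["principalId"] == sp_id:
            res = resources[a["resourceId"]]
            names = {r["id"]: r["value"] for r in res["appRoles"]}
            found.add((res["displayName"], names.get(a["appRoleId"], a["appRoleId"]), "application"))
    for g in data["oauth2PermissionGrants"]:      # delegated permissions
        if g["clientId"] == sp_id:
            kind = "delegated, all users" if g["consentType"] == "AllPrincipals" else "delegated, one user"
            for scope in g["scope"].split():
                found.add((resources[g["resourceId"]]["displayName"], scope, kind))
    return found

def review(data):
    """Split grants into undocumented ones and tenant-wide ones ('.All' suffix heuristic)."""
    perms = granted_permissions(data)
    undocumented = sorted(p for p in perms if p[:2] not in DOCUMENTED)
    tenant_wide = sorted(p for p in perms if p[1].endswith(".All"))
    return undocumented, tenant_wide

if __name__ == "__main__":
    extra, broad = review(SAMPLE)
    print("Not listed in the article:", extra)
    print("Tenant-wide:", broad)
```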


 

 
