Tabular Data - Authentication Methods


OneConnect supports multiple authentication options to connect to SharePoint Online for Tabular Data integrations.

Please review the available options and choose the best one for your company before beginning the integration setup.

 

URL + User Account

To authenticate to SharePoint, provide the URL of the SharePoint site along with a username and password for an account that has access to the site. 

The user account cannot have Multi-Factor Authentication (MFA) enabled.

It is recommended to use a dedicated user account to access the SharePoint site. Best practice dictates one user account per integration to avoid data throttling and potential strategy failures by Microsoft. 

Pros of using an account to connect:

  • Quick to set up.
  • Security can be set up to use  

Cons of using an account to connect:

  • The account cannot have Multi-Factor Authentication (MFA).
  • A username and password must be configured in OneConnect. 
  • This method does not use "Modern" Authentication. 

URL + Service Principal (New)

Service principal based authentication with SharePoint Online is an alternative to using a user account. 

To authenticate to SharePoint, provide the URL of the SharePoint site and check the "Use a Service Principal to connect to SharePoint Online" option beneath the Advanced Options section of the SharePoint or Tabular Data connector. With the checkbox selected, the integration authenticates via the Service Principal that is created via the Authorize button.

Pros of Service Principal:

  • More secure than using a user account

Cons of Service Principal:

  • More involved process to set up (requires a Microsoft tenant administrator to approve permissions).

Creating a Service Principal

Connecting to any SharePoint or Tabular Data integration using a Service Principal can only be done through the Entra application that OnePlan creates via the integration's Authorize button.

Authorize Button (Default OnePlan Application)

Within the SharePoint or Tabular Data connector, expand the Advanced Options section. A Microsoft tenant administrator must then click the Authorize button within the connector. This will prompt a login screen where the tenant administrator will need to enter their credentials.


That will add an Entra Application named OneConnect SharePoint Authentication to your tenant.

 

The OneConnect SharePoint Authentication application will have the following delegated permission:

  • Microsoft Graph: User.Read

The OneConnect SharePoint Authentication application will have the following application permission:

  • Office 365 SharePoint Online: Sites.FullControl.All

NOTE: This approach grants the service principal full control of all SharePoint sites.
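
One way to confirm after the Authorize step that the application holds only the two permissions listed above (an added example, not OnePlan's code). It assumes the service principal's appRoleAssignments and oauth2PermissionGrants have been exported from Microsoft Graph as JSON; the function name, sample data and every id below are constructed.

```python
# Permissions this article lists for "OneConnect SharePoint Authentication".
EXPECTED_APPLICATION = {("Office 365 SharePoint Online", "Sites.FullControl.All")}
EXPECTED_DELEGATED = {("Microsoft Graph", "User.Read")}

def audit_grants(resources, app_role_assignments, oauth2_grants):
    """Return (application, delegated, findings) for one service principal."""
    application, delegated, findings = set(), set(), []
    for a in app_role_assignments:  # application permissions (app roles)
        resource = resources.get(a["resourceId"], {})
        roles = {r["id"]: r["value"] for r in resource.get("appRoles", [])}
        # An unresolvable role id is reported rather than silently dropped.
        value = roles.get(a["appRoleId"], "unresolved:" + a["appRoleId"])
        application.add((resource.get("displayName", "?"), value))
    for g in oauth2_grants:  # delegated permissions (space-separated scopes)
        name = resources.get(g["resourceId"], {}).get("displayName", "?")
        for scope in g.get("scope", "").split():
            delegated.add((name, scope))
    for kind, got, want in (("application", application, EXPECTED_APPLICATION),
                            ("delegated", delegated, EXPECTED_DELEGATED)):
        for api, perm in sorted(got - want):
            findings.append(f"unexpected {kind} permission: {api}: {perm}")
        for api, perm in sorted(want - got):
            findings.append(f"documented {kind} permission not granted: {api}: {perm}")
    return application, delegated, findings

# Constructed sample in the shape Microsoft Graph returns; all ids are placeholders.
RESOURCES = {
    "res-spo": {"displayName": "Office 365 SharePoint Online",
                "appRoles": [{"id": "role-fullcontrol", "value": "Sites.FullControl.All"}]},
    "res-graph": {"displayName": "Microsoft Graph",
                  "appRoles": [{"id": "role-dirread", "value": "Directory.Read.All"}]},
}
ASSIGNMENTS = [
    {"resourceId": "res-spo", "appRoleId": "role-fullcontrol"},
    # Constructed drift: an application permission the article does not list.
    {"resourceId": "res-graph", "appRoleId": "role-dirread"},
]
GRANTS = [{"clientId": "sp-oneconnect", "resourceId": "res-graph",
           "consentType": "AllPrincipals", "scope": "User.Read"}]

if __name__ == "__main__":
    for line in audit_grants(RESOURCES, ASSIGNMENTS, GRANTS)[2]:
        print(line)
```

An empty findings list means the grants match this article exactly; any other result is worth reviewing with the tenant administrator who approved the application.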

 

