Please note that Microsoft will not support SharePoint Add-in for new tenants starting in November of 2024. Please review this article for other options.
Modern authentication setup is restricted to the tenant admin, who must also be the SharePoint site collection administrator for the SharePoint site being in use. This document specifically pertains to the Tabular Data and SharePoint integrations.
If the integration is for Project Online or OneAnalytics integrations, please go to the Project Online Modern Authentication page.
Important
The user setting up Modern Authentication must be a Global Admin (Tenant Admin) as well as the Site Collection Admin.
Navigate to your SharePoint URL
- https://{OrganizationName}.sharepoint.com/sites/{SiteName}
Register a SharePoint add-in (app)
- Navigate to: {SharePointURL}/_layouts/15/appregnew.aspx
- Click on Generate for both Client Id and Client Secret.
- Give the add-in app a unique Title.
- Enter the App Domain: my.oneconnect.ai (or https://eu.oneconnect.ai for European customers utilizing eu.oneplan.ai)
- Enter the Redirect URL: https://my.oneconnect.ai (or https://eu.oneconnect.ai for European customers utilizing eu.oneplan.ai)
- Click Create. Save the generated Client Id, Client Secret, and Title for future use.
Note
The client id and client secret are linked to individual OneDrive URLs.
Grant API Permissions
- Navigate to {SharePointURL}/_layouts/15/AppInv.aspx.
- Enter the Client ID from step 2.e into the App Id text field and click Generate. This should populate the Title, App Domain, and Redirect URL fields. Please confirm that all fields were entered correctly.
- For the Permission Request XML, enter the following code to grant permissions, then click Create, then Trust It:
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl"/> </AppPermissionRequests>
Note
The XML code will grant two full control permissions on a site collection control on the site. To view the complete list of available scopes, please view the Available scopes and permissions, and restrictions on Office Store App Permissions.
(Optional) Confirm Permissions
- Navigate to {SharePointURL}/_layouts/15/appprincipals.aspx
- Confirm that the SharePoint Title is available in the list of add-in permissions.
Handling 401 Unauthorized Error
If this message appears when testing the connector or when viewing the field mappings for the integration, please follow the remaining steps:
- Navigate to the SharePoint site, click on the waffle icon, then select Admin. This will take you to the Microsoft 365 Admin Center.
- In the Microsoft 365 Admin Center, go to SharePoint (hamburger icon in the top left, click Show All, select SharePoint). This URL will be called the SharePointAdminURL.
- Open Windows PowerShell as an administrator, and enter the following commands:
- Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version
- Install-Module-Name Microsoft.Online.SharePoint.PowerShell
- Note: If this is your first time using Windows PowerShell, you may encounter two notifications. The first notification will prompt 'NuGet Provider is required to continue.' Please read the notification and type 'Y', then press Enter to proceed. The second notification will say ‘Untrusted repository’. Please read the notification and type ‘Y’, then press Enter to proceed.
- Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser
- Update-Module -Name Microsoft.Online.SharePoint.PowerShell
- Connect-SPOService -Url [SharePointAdminURL] -Credential [AdminUsername]
- Replace [SharePointAdminURL] with the full SharePointAdminURL from 5b without the brackets (e.g., https://{OrganizationName}-admin.sharepoint.com). Replace the [AdminUsername] with the Global Administrator username you are using to grant these permissions, also without brackets.
- Set-SPOTenant -DisableCustomAppAuthentication $true
- Set-SPOTenant -DisableCustomAppAuthentication $false
Once all the commands have been entered successfully, close PowerShell, and wait ~15 minutes to confirm the error in OneConnect no longer appears when the page is refreshed. For the official Microsoft documentation on the Windows PowerShell instructions: https://docs.microsoft.com/en us/powershell/sharepoint/sharepoint-online/connect-sharepoint-online.