Skip to main content

Set Up SharePoint Modern Authentication

  • Updated

This article describes how to set up Modern Authentication for SharePoint to use with integration configurations, like Tabular Data.

Important

The user setting up Modern Authentication must be a Global Admin (Tenant Admin) as well as the Site Collection Admin.

  1. Go to your SharePoint Site URL. You will need this Url for integration configurations, such as the Tabular Data integration. This URL will usually follow the format of https://[tenantName].sharepoint.com/sites/[siteName]

    Picture1.png

    Note

    This URL will be used in the OneConnect Integration.

  2. Register a SharePoint add-in (app) using the AppRegNew form and grant the API permissions.

    1. Register the Add-in using the AppRegNew Form. Go to [TenantSharePointSite]/_layouts/15/AppRegNew.aspx

      Picture2.png

      The page will look like this:

      Picture3.png

      • Client ID: Click on the Generate button to be given a custom GUID.

      • Client Secret: Click on the Generate button to be given a unique secret.

      • Title: The name of your add-in that will be displayed to the end user.

      • App domain: The domain where the add-in is hosted. In this example, I used my.oneconnect.ai (NO SLASHES / OR https:)

        Note

        If you use www.oneconnect.ai an error when testing the integration connection will pop up saying “Microsoft.IdentifyModel.SecurtyTokenService.Requ…. Token request failed.”

      • Redirect URL: For token generation. In this example, I used https://my.oneconnect.ai

      Picture4.png

    2. Click Create. A new page will show giving the user the Client ID, Client Secret, Title, App Domain, and Redirect URL. Save the Title, Client ID and Client Secret for future use. These will be needed for the next step, and for the OneConnect Integration.

      Note

      The client id and client secret are linked to individual OneDrive URLs.

    3. To grant API Permissions. Go to [TenantSharePointSite]/_layouts/15/AppInv.aspx

      Picture5.png

      • App Id: Enter the client Id.

      • Title: Enter the title used in the AppRegNew form

      • App domain: The domain where the add-in is hosted. In this example, I used my.oneconnect.ai (NO SLASHES / OR https:)

      • Redirect URL: For token generation. I used https://my.oneconnect.ai

      • Permission Request XML: Enter the following code to grant full control:

        <AppPermissionRequests
AllowAppOnlyPolicy="true">
<AppPermissionRequest
Scope="http://sharepoint/content/sitecollection"
Right="FullControl"/>
<AppPermissionRequest
Scope="http://sharepoint/content/sitecollection/web"
Right="FullControl"/>
</AppPermissionRequests>
      Picture6.png

    4. After you click Create you will be prompted to trust the add-in. Click Trust It.

    5. To check if the permissions have been applied, go to [TenantSharePointSite]/_layouts/15/appprincipals.aspx

    6. The XML code grants you 2 full control permissions on a site collection and full control on a web. See Available scopes and permissions, and restrictions on Office Store apps permissions from Microsoft for a detailed description of other options.

  3. If integration is made, however when looking at the field mappings page shows an error of 401 Unauthorized, that means that the Tenant is on the newer side. To fix this:

    1. At SharePoint site, click on the top right waffle icon, and click on Admin. This will bring up the Microsoft 365 Admin Center.

      Picture7.png

      The Microsoft 365 Admin URL will be similar to this:

      Picture8.png

    2. In the Microsoft 365 Admin Center, click on the hamburger icon on the top left of the page to expand the Navigation bar, and click on the three dots labeled Show All. This will bring additional navigational items into the view. Click on SharePoint option. This will open the SharePoint Admin Center page.

      Picture9.png

      The SharePoint Admin URL will be similar to this:

      Picture10.png

    3. On the desktop of the computer. Open Windows PowerShell with Administrator Privileges. In the Windows PowerShell paste these commands and press Enter after each command:

      1. Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version

      2. Install-Module-Name Microsoft.Online.SharePoint.PowerShell

        1. If this is your first time using Windows PowerShell, you will get two Notifications, the first: “NuGet Provider is required to continue”. Read the notification. Type “Y” and press Enter.

        2. The second notification will say “Untrusted repository”. Read the notification.  Type “Y” and press Enter.

      3. Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser

      4. Update-Module -Name Microsoft.Online.SharePoint.PowerShell

      5. Connect-SPOService -Url [SharePoint Admin Site] -Credential [Admin Credentials]

        1. Replace the [SharePoint Admin Site] with the SharePoint Admin URL (from step 3b) that will match this format: [TenantSite-admin.sharepoint.com]

        2. Replace [Admin Credentials] with the Global Administrator/Tenant Administrator username.

        3. A notification will appear asking “Do you want to run software from this untrusted publisher?”. Read the notification. Type“A” and press Enter.

      6. Set-SPOTenant -DisableCustomAppAuthentication $true

      7. Set-SPOTenant -DisableCustomAppAuthentication $false

    4. Once all the commands have been entered successfully, close windows PowerShell, and wait 15 minutes, then check in OneConnect if the field mappings show up when refreshed. For the official Microsoft documentation on the Windows PowerShell instructions: https://docs.microsoft.com/en us/powershell/sharepoint/sharepoint-online/connect-sharepoint-online

Related articles

Comments

0 comments

Article is closed for comments.