SharePoint app-only Configuration Azure AD application
Description: Accessing SharePoint using an application context, also known as app-only can be done by using an Azure AD application. In Azure AD when doing app-only you typically use a certificate to request access: anyone having the certificate and its private key can use the app and the permissions granted to the app.
Setting up an Azure AD app for app-only access
Sign in to Azure AD account using this link. Please ensure you have administrative access.
Navigate to Azure “Active Directory” → “App registrations” → “New registration”
Fill the form as following:
Name: Auzmor SharePoint App (It can be anything)
Supported account types: Accounts in this organizational directory only.
Click on Register.
You will be redirected to Application overview page.
Copy the Client ID. This Client ID needs to be provided to Auzmor for integration.
We can use OpenSSL to generate a certificate.
Install OpenSSL:
Download and install OpenSSL from the official website.
Generate Private Key:
openssl genpkey -algorithm RSA -out private-key.pemCreate Certificate Signing Request (CSR):
openssl req -new -key private-key.pem -out csr.pemGenerate Self-Signed Certificate:
openssl x509 -req -in csr.pem -signkey private-key.pem -out certificate.pem -days 365
Upload the certificate to Azure AD.
Go back to your app in the Azure portal.
Navigate to ”Certificates & secrets”.
Click ”Upload certificate” and upload the
certificate.pemfile.Copy Thumbprint generated after uploading the certificate.
To give the app access to SharePoint, you need to assign API permissions.
Go to “API permissions” in your app’s settings.
Click ”Add a permission” → ”Microsoft Graph” → ”Application permissions”
Select the permissions
Sites.Read.AllandSites.SelectedClick ”Add a permission” → ”SharePoint” → ”Application permissions”
Select the permissions
Sites.Read.AllandSites.SelectedClick on “Add permissions”
Click ”Grant admin consent”
Note: We require Sites.Read.All permission for listing of the sites.
Execute the below Powershell script as an Administrator.
Connect to the SharePoint tenant.
- Connect-PnPOnline -Url <Your Tenant url>Run the below command for every site that should be accessible by the app.
- Grant-PnPAzureADAppSitePermission -AppId <Azure AD Client ID>
- DisplayName 'Auzmor Sharepoint App' -Site <Your Site Url> -Permissions FullControl
Enter the Client ID, Thumbprint, your SharePoint domain and upload Private key private-key.pem on Auzmor to complete the integration.
Related Articles
Azure Active Directory SSO Configuration
Azure Active Directory SSO Configuration Login in azure portal with the Microsoft account Click Azure Active Directory in the homepage Click Enterprise applications under Manage tab on the left Click the New application Select the Non-gallery ...G-Suite SSO Configuration
G-Suite SSO Configuration Login in to Google Admin account From the apps menu select Admin Click Apps in the admin console Click tile that says SAML apps Click yellow plus icon at the bottom right Click SETUP MY OWN CUSTOM APP at the bottom Note down ...Okta SSO Configuration
Below are the steps to Configure Okta SSO: Enter the Login credentials and click Sign In button Once logged in, please ensure that you are accessing the platform as an Admin (Using the “Admin” View) Click on the Applications option on the Left-Hand ...How to run an ad-hoc Scheduled Report
How to run an ad-hoc Scheduled Report When a Scheduled Report needs to be generated immediately before the next schedule Interval, the Quick Run option can be used. Reports which do not have a schedule configured would have to be generated this way ...Configuring 2FA via an authenticator app
Configuring 2FA via an authenticator app When two-factor authentication is enabled for the organization. with the authenticator app, the learners will be prompted to configure it any one of the authenticator apps - Microsoft authenticator app, Google ...