This section describes how to authenticate to the SharePoint REST API using an Azure AD application, with permissions delegated from a service account.



Part 1: Create the Azure AD Application

  1. Log into the Azure Management Portal for your Office 365 tenant.
  2. Go to the Azure Active Directory tab and select App Registrations.
  3. Select "New Registration".
  4. Under "Supported account types", select "Accounts in this organizational directory only".
  5. Under "Redirect URI", select Web.
  6. Enter the Aspire URI and click "Register".
  7. Look for your new application on the Registered Applications list and click it.
  8. On the "Certificates & Secrets" page, create a new Client Secret and store it safely (we will need this for the Aspire configuration).
  9. Go to API Permissions and click on "Add a permission".
  10. In the "Select an API" section, add the "SharePoint" application.
  11. Select "Delegated Permissions" and check the following permissions:
    1. TermStore.Read.All: Read Managed Metadata.
    2. AllSites.FullControl: Have full control of all site collections (this only grants access to the sites the service account itself can access).
  12. Click on "Add permissions".
  13. After saving, you have to click "Grant admin consent" to apply the changes.
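
A check to run after step 13, added here as an example (it is not part of the original page or of Aspire): it decodes an access token's payload and compares the delegated scopes with the two permissions from step 11. It assumes a token issued by Azure AD for the SharePoint resource, where delegated scopes appear in the space-separated `scp` claim and application permissions in `roles`; the function names are hypothetical and the sample token is constructed.

```python
import base64
import json

# Delegated scopes this page asks for in step 11.
EXPECTED_SCOPES = {"TermStore.Read.All", "AllSites.FullControl"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_delegated_scopes(token: str, expected=frozenset(EXPECTED_SCOPES)) -> dict:
    """Compare the token's delegated scopes ('scp') with the expected set."""
    claims = jwt_claims(token)
    granted = set(claims.get("scp", "").split())
    roles = sorted(claims.get("roles", []))
    return {
        "missing": sorted(expected - granted),     # consent not applied yet
        "unexpected": sorted(granted - expected),  # broader than step 11 asks for
        "app_only_roles": roles,                   # application, not delegated, permissions
        "ok": granted == set(expected) and not roles,
    }


def b64url(obj: dict) -> str:
    """Serialize a dict the way a JWT segment is encoded (no padding)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for the demo; not a real Azure AD token."""
    return f"{b64url({'alg': 'none', 'typ': 'JWT'})}.{b64url(claims)}.sig"


if __name__ == "__main__":
    sample = constructed_token({"scp": "AllSites.FullControl TermStore.Read.All"})
    print(audit_delegated_scopes(sample))
```

The decoder skips signature validation, so use it only to inspect a token you obtained yourself, never to make an authorization decision.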