Using SharePoint App-Only authentication in Aquaforest Products

To give Aquaforest products access to SharePoint using app-only context, you will need to create an App Registration and give it access to the site(s) you want to process.

There are 2 ways to create an App Registration:

  1. App registration via Azure AD [blog]
    This option requires giving full control access to the whole SharePoint tenant, which may not be ideal for certain users.
  2. App registration through SharePoint
    This option allows you to give permissions to the whole tenant as well as per site.

In this blog we will discuss how to use the second option.

To create an app registration via SharePoint, navigate to the following URL (replace [tenant] with your tenant):
https://[tenant].sharepoint.com/_layouts/15/appregnew.aspx

Generate the Client Id and Client Secret and make a note of them. Fill in the remaining information as shown below.

Click on Create

The next step is to grant permissions to the newly created app registration.

Grant access to a specific site

To grant permissions to a specific site, e.g. https://[tenant].sharepoint.com/sites/mysite, navigate to https://[tenant].sharepoint.com/sites/mysite/_layouts/15/appinv.aspx (replace [tenant] with your actual tenant)

Enter the App Id generated previously and click on Lookup

For Permission Request XML, enter the following:

<AppPermissionRequests AllowAppOnlyPolicy="true">
 <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>

Right can have the following values:

  • Read
  • Write
  • Manage
  • FullControl

You should have something like this:

Click on Create

You will be presented with a new consent dialog. Click on Trust It

This will give access only to the one site collection.

Grant access to the whole tenant

To grant permissions to the whole tenant, navigate to the following URL (replace [tenant] with your actual tenant):
https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx

Enter the App Id generated previously and click on Lookup

For Permission Request XML, enter the following:

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

You should have something like this:

Click on Create

You will be presented with a new consent dialog. Click on Trust It

This will give access to all site collections in your tenant.

Enter the Client Id and Client Secret in the Aquaforest application

For instance, if you want to use App-Only Authentication in Aquaforest Searchlight (version 2.5 and above):

Under Library Settings, click on Add new Location
Select App-Only Authentication and fill in the Client Id and Client Secret


Categories

Archive

Share Post

Related Posts

We recently announced that Aquaforest is now part of PSPDFKit. We are very excited about this news! Coming together with PSPDFKit will help us…
Power Automate is a very powerful tool, making tasks and problems that would often require propriety solutions possible for your average user. Aquaforest has…