To give Aquaforest products access to SharePoint using app-only context, you will need to create an App Registration and give it access to the site(s) you want to process.
There are 2 ways to create an App Registration:
- App registration via Azure AD [blog]
This option requires giving full control access to the whole SharePoint tenant, which may not be ideal for certain users. - App registration through SharePoint
This option allows you to give permissions to the whole tenant as well as per site.
In this blog we will discuss how to use the second option.
To create an app registration via SharePoint, navigate to the following URL (replace [tenant] with your tenant):
https://[tenant].sharepoint.com/_layouts/15/appregnew.aspx
Generate the Client Id and Client Secret and make a note of them. Fill in the remaining information as shown below.
Click on Create
The next step is to grant permissions to the newly created app registration.
Grant access to a specific site
To grant permissions to a specific site, e.g. https://[tenant].sharepoint.com/sites/mysite, navigate to https://[tenant].sharepoint.com/sites/mysite/_layouts/15/appinv.aspx (replace [tenant] with your actual tenant)
Enter the App Id generated previously and click on Lookup
For Permission Request XML, enter the following:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>Right can have the following values:
- Read
- Write
- Manage
- FullControl
You should have something like this:
Click on Create
You will be presented with a new consent dialog. Click on Trust It
This will give access only to the one site collection.
Grant access to the whole tenant
To grant permissions to the whole tenant, navigate to the following URL (replace [tenant] with your actual tenant):
https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx
Enter the App Id generated previously and click on Lookup
For Permission Request XML, enter the following:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
You should have something like this:
Click on Create
You will be presented with a new consent dialog. Click on Trust It
This will give access to all site collections in your tenant.
Enter the Client Id and Client Secret in the Aquaforest application
For instance, if you want to use App-Only Authentication in Aquaforest Searchlight (version 2.5 and above):
Under Library Settings, click on Add new Location
Select App-Only Authentication and fill in the Client Id and Client Secret
