How to Create a SharePoint Web Connection for FME Form [Single Tenant]

Matt Meeboer

FME Version

  • FME 2023.0

Introduction

This article will walk through configuring a SharePoint Online web service for FME Form (formerly FME Desktop) using a single tenant Microsoft Azure app and your own Client ID. If you’re not sure what the difference is, please review the Microsoft documentation on tenancy. If you are configuring for multitenant, please see How to Create a SharePoint Web Connection for FME Form [Multitenant].

These instructions are applicable for the SharePoint web connection used by the Microsoft SharePoint Reader/Writer and Microsoft SharePoint Online Connector from the FME Hub, but please note that a different web service template is used for each. 

If you are unsure whether you should be using the SharePoint Reader/Writer or the SharePoint Online Connector, please refer to this article: SharePoint List Reader or SharePoint Online Connector - which should I use?

Please note that Azure is subject to change at any time, so the instructions and screenshots in this article may be slightly different, but the concepts remain the same.

 

Requirements

  • Access to your Azure Portal and permissions to create an App Registration

 

Create the Azure App Registration

To successfully use your SharePoint Web Connection in FME Form, you must create an app registration in Microsoft Azure with a Client ID and Client Secret. 

1. Register an Application in the Azure Portal

Log in to the Azure portal and go to App Registrations. 

Add a new registration.

Choose Accounts in this organizational directory only (Single tenant). Leave the Redirect URI blank for now; we will update this in a later step. Click Register.

2. Obtain the Client and Tenant ID

Take note of the Application (client) ID and the Directory (tenant) ID - these will be used to configure the web service later.

Note: you can confirm that your app is a single tenant app if the Supported account types is My organization only.


3. Add the Platform and Redirect URI

Click Authentication and then Add a platform. Choose Mobile and desktop applications.

For the Custom redirect URIs, enter: 

https://login.microsoftonline.com/[TENANT ID]/oauth2/nativeclient 

Replace [TENANT ID] with the value of Directory (tenant) ID from the app registration overview.

Click Configure.

You should now see Mobile and desktop applications with the redirect URI added in the previous step enabled, as well as additional default URIs added by Azure.

4. Add Application API Permissions

Click API permissions and then Add a permission.

The permissions you add depend on what SharePoint transformers you are using, because the SharePoint List Reader/Writer uses a different API than the SharePoint Online Connector transformer. If you want to use the same Azure app registration for both, make sure to add the permissions required for both.

For the SharePoint List Reader and Writer, scroll down and click SharePoint.

Click Delegated permissions. Enable AllSites.Manage and MyFiles.Write. Click Add Permissions.
At this time FME does not support Application permissions. If this is necessary for your organization, please submit a case and reference FMEENGINE-79472 in the description.


For the SharePoint Online Connector from the FME Hub, choose Microsoft Graph from Request API permissions. 

Click Delegated permissions. Enable Sites.ReadWrite.All. Click Add Permissions.
At this time FME does not support Application permissions. If this is necessary for your organization, please submit a case and reference FMEENGINE-79472 in the description.

Once added, you should see the permissions in the list of Configured permissions.

Your single tenant Azure app registration is complete. 

Configure the Connection in FME Form

The SharePoint List Reader and Writer, and the SharePoint Online Connector, use different web service templates. Continue below to configure the SharePoint List Reader and Writer. If you only want to configure the SharePoint Online Connector, skip ahead to the SharePoint Online Connector (FME Hub) section.

SharePoint List Reader and Writer

A SharePoint web service and connection must be configured in FME Form. The connection can then be used in a workspace with the SharePoint List Reader or Writer. To use the connection on FME Flow, the workspace and web connection need to be published. The SharePoint List Reader/Writer and SharePoint Online Connector use different connection templates, but both can use the same Azure app registration, provided the correct permissions have been granted.  

To configure a connection for the SharePoint List Reader and Writer:

1. Open Web Services

In FME Form, go to Tools > FME Options > Web Connections > Manage Services…

2. Create a New Web Service

On the Manage Web Services screen, click Create From > Microsoft SharePoint Online (Template).

3. Populate the Web Service

Single Tenant applications cannot use the /common/ endpoints, so you will need to replace all instances of /common/ with your Tenant ID. 

  1. Web Service Name: provide a unique name
  2. Client ID: the Application (client) ID from the SharePoint single tenant app
  3. Optional: leave this enabled - the client secret needs to be added in FME Flow
  4. Redirect URI: https://login.microsoftonline.com/[TENANT ID]/oauth2/nativeclient
  5. Authorization Parameters URL: Replace common with your Tenant ID
  6. Authorization Parameters URL: Replace [TENANT] with your SharePoint subdomain. For example, https://xyzcompany.sharepoint.com
  7. Retrieve Token Parameters URL: Replace common with your Tenant ID
  8. Refresh Token Parameters URL: Replace common with your Tenant ID
  9. Refresh Token Parameters Request Format: add &client_secret=[CLIENT_SECRET] after [CLIENT_ID]

Click Apply.

The new web service should now be in the list of web services on the left. 

Important: The web service will currently only work on FME Form. We need to add a client secret for SharePoint to communicate with FME Flow. We do not do this in FME Form because SharePoint Online does not ‘trust’ desktop applications with a client secret - you would receive a 401 error in FME Form if you add it at this stage. However, the client secret is required by SharePoint for web applications like FME Flow.

For more information, please refer to Microsoft’s documentation: Request an access token with a client_secret

If you wish to use your SharePoint web service on FME Flow, complete all steps in this article first and then continue to the FME Flow article linked at the bottom.

4. Test the Web Service

Scroll down to the bottom of the web service and click Test.  
When prompted, enter your Microsoft SharePoint credentials. If prompted by Microsoft to grant permissions to the Azure app, click Accept. 

Note: you must have access to the SharePoint site you are trying to connect to.

5. Create the Web Connection

Close Web Services. From Web Connections, click the plus (+) button to add a new connection.

Choose the web service you created and give the connection a unique name. Click OK. 

You will be prompted again to authenticate with Microsoft. After successfully authenticating, your web connection is ready to use in FME Form. 

If you need to create a connection for the SharePoint Online Connector, continue to the next section. 

If you want to use your connection in FME Flow, please see How to Create a SharePoint Web Connection for FME Flow [Single Tenant].
 

SharePoint Online Connector (FME Hub)

If you plan to use the SharePoint Online Connector from the FME Hub in addition to, or instead of, the SharePoint List Reader and Writer, then you will need a separate web service and connection. The process is almost identical to setting up the SharePoint List Reader and Writer connection, but a different template is used. This is because the SharePoint List Reader/Writer and the SharePoint Online Connector use different APIs.

To configure a connection for the SharePoint Online Connector:

1. Open Web Services

In FME Form, go to Tools > FME Options > Web Connections > Manage Services…

2. Create a New Web Service

On the Manage Web Services screen, click Create From > Microsoft SharePoint Online (safe.microsoft-sharepoint).
Note: in FME Form versions prior to 2023, you will not be able to create a new web service from the Microsoft SharePoint Online (safe.microsoft-sharepoint) template - you will need to instead modify the existing template web service.

3. Populate the Web Service

Single Tenant applications cannot use the /common/ endpoints, so you will need to replace all instances of /common/ with your Tenant ID. 

  1. Web Service Name: provide a unique name
  2. Client ID: the Application (client) ID from the SharePoint single tenant app 
  3. Optional: leave this checked - the client secret needs to be added in FME Flow
  4. Redirect URI: https://login.microsoftonline.com/[TENANT ID]/oauth2/nativeclient
  5. Authorization Parameters URL: Replace common with your Tenant ID
  6. Retrieve Token Parameters URL: Replace common with your Tenant ID
  7. Refresh Token Parameters URL: Replace common with your Tenant ID


Click Apply.
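
The check below is an added example, not part of the original article or of FME: it scans the URL fields from step 3 of either web service (List Reader/Writer or Online Connector) for a leftover /common/ segment, a tenant mismatch, or a redirect URI that differs from the one registered in Azure. The function name, the tenant ID and the sample URL paths are assumptions made for illustration; the real template's paths and query strings may differ.

```python
import re
from urllib.parse import urlsplit

# Shape of a Directory (tenant) ID.
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
HOST = "login.microsoftonline.com"

def check_web_service(fields, tenant_id):
    """Return the problems found in the web service URL fields (hypothetical helper)."""
    if not GUID.match(tenant_id):
        raise ValueError("tenant_id is not a GUID")
    problems = []
    for name, url in fields.items():
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != HOST:
            problems.append(f"{name}: not an https {HOST} URL")
            continue
        # The first path segment selects the tenant.
        segment = parts.path.strip("/").split("/")[0].lower()
        if segment == "common":
            problems.append(f"{name}: still uses /common/")
        elif segment != tenant_id.lower():
            problems.append(f"{name}: tenant segment is not the expected tenant ID")
    expected = f"https://{HOST}/{tenant_id}/oauth2/nativeclient"
    if fields.get("Redirect URI", "").lower() != expected.lower():
        problems.append("Redirect URI: differs from the URI registered in Azure")
    return problems

# Constructed sample: tenant ID and URL paths are placeholders, query strings omitted.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "Redirect URI": f"https://{HOST}/{TENANT}/oauth2/nativeclient",
    "Authorization Parameters URL": f"https://{HOST}/{TENANT}/oauth2/authorize",
    "Retrieve Token Parameters URL": f"https://{HOST}/{TENANT}/oauth2/token",
    "Refresh Token Parameters URL": f"https://{HOST}/common/oauth2/token",  # missed edit
}

if __name__ == "__main__":
    for problem in check_web_service(SAMPLE, TENANT):
        print(problem)
```
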

4. Test the Web Service

Scroll down to the bottom of the web service and click Test.  
When prompted, enter your Microsoft SharePoint credentials. If prompted by Microsoft to grant permissions to the Azure app, click Accept. 

Note: you must have access to the SharePoint site you are trying to connect to.

Tip: if testing the web service requires admin consent, and you already consented in the Azure App Registration, you should modify the URL under Authorization Parameters. Find &prompt=consent in the authorization URL and change it to &prompt=none.
For more information, refer to Microsoft documentation: Send the sign-in request.


5. Create the Web Connection

Close Web Services. From Web Connections, click the plus (+) button to add a new connection.

Choose the web service you created and give the connection a unique name. Click OK. 

You will be prompted again to authenticate with Microsoft. After successfully authenticating, your web connection and service are ready to use in FME Form.

If you encounter issues authenticating your SharePoint connection, please see Troubleshooting SharePoint Web Connections and Services.

If you want to use your connection in FME Flow, please see How to Create a SharePoint Web Connection for FME Flow [Single Tenant].
 
