How to Create a SharePoint Multitenant Web Connection for FME Flow

Matt Meeboer
Matt Meeboer
  • Updated

FME Version

Introduction

This article will walk through configuring a SharePoint web service for FME Flow using a multitenant Microsoft Azure app registration and delegated permissions.  

To know if this is the right approach for you, and for a full list of all SharePoint connection articles, please first read Getting Started with Microsoft SharePoint. If you are using a SharePointOnlineConnector web service with application permissions (OAuth2.0 client credentials flow), then no additional configuration is required after publishing to FME Flow.

Please note that Azure is subject to change at any time, so the instructions and screenshots in this article may be slightly different, but the concepts remain the same.

 

Requirements

 

Step-by-step Instructions

Part 1: Create the Azure App Registration

To successfully use your SharePoint Web Connection on FME Flow, your app registration must include the web as a platform with a valid redirect URI and have a Client Secret. If you have already created an app registration in Azure in FME Form, then you can modify it to work with FME Flow. If you do not yet have a multitenant Azure App Registration or SharePoint Web Connection in FME Form, follow the steps to create one. See Creating a SharePoint Web Connection

1. Open the  Application Registration in the Azure Portal

Log in to the Azure portal and go to App Registrations. 
App Registrations

Click on your multitenant tenant app registration to open it.
Edit App Registration

2. Add the Web Platform and Redirect URI

Click Authentication and then 'Add a platform'. Choose Web.
Add Web Platform

For the redirect URI, enter your FME Flow URL followed by /fmeoauth. For example, https://myfmeserver.mydomain.com/fmeoauth. Note that your FME Flow instance must be configured to use HTTPS

Click Configure.
Configure Web URI
 
You should now see Web added with the redirect URI. You can add additional redirect URIs for other Instances of FME Flow that you plan to use the SharePoint connection on.
RedirectURI

3. Create a New Client Secret

To connect to SharePoint from FME Flow, you must have a client secret. This is not required in FME Form; it is only required in FME Flow.
Microsoft requires a client secret for confidential web apps (and this should not be used in a native app, like FME Form).

Click Certificates & secrets and then New client secret. 
CreateClientSecret

Give your client secret a description and expiry. Click Add. 

Once your client secret expires, you will need to create a new one and update your FME Flow web service to continue connecting to SharePoint.


Add New Client Secret

After clicking Add, make sure to copy the secret value (not the Secret ID) and store it in a safe place, like a password manager. You will only get one chance to save the secret value! You can create another secret if needed.
Client Secret Value

Your multitenant Azure app registration is ready for FME Flow. 
 

Part 2: Publish to FME Flow and Modify the Web Service(s)

You should already have a working web connection and web service in FME Form to publish to FME Flow. If not, follow the instructions in one of the multitenant articles listed in Creating a SharePoint Web Connection

1. Publish to FME Flow

In FME Form, open a workspace using the SharePoint List Reader/Writer and/or the SharePoint Online Connector (depending on which your workflow uses). Click the publish button.
FME Form Publish

Proceed through the publish wizard. On the Upload Connections step, make sure to enable the new SharePoint connection(s) you have created. This will upload both the web connection and its underlying web service to FME Flow.
Upload Connections

If you are using the SharePoint Online Connector from the FME Hub, you will also need to upload the SharePoint Online package.
Upload SharePoint Connector Package

Click Publish to complete the publish wizard and publish the workspace, connections and package to FME Flow.
Publish to Flow

2. Modify Web Service on FME Flow

Log in to FME Flow. From the side menu, click Connections & Parameters. If you’re using a version of FME Flow prior to 2023, click Files & Connections. You should see the connection(s) you published from FME Workbench and their associated web services. Click Manage Web Services.
Manage Web Services

Click on the web service you want to edit. In this example, the web service for the list reader and writer, however the process is the same for web connections used by the SharePoint Online Connector.
Edit Web Service

Fill in the details for your web service:

  • Description (optional): it’s recommended to update the description so that it reflects the Azure app name and tenant used by this web service
  • Client Id: this should already be present and match the Application (client) ID from your Azure app.
  • Client Secret: the client secret value from your Azure app, found in Certificates & Secrets. If you did not save the value when you first created the secret, you will need to create another in Azure.
  • Redirect URI (or Authorization URL): the Redirect URI, ending in fmeoauth, for your FME Flow instance. This was added to the web platform in your Azure app under Authentication in a prior step. For example, https://myfmeserver.mydomain.com/fmeoauth

Edit Web Service Values

Click OK to save the changes.

3. Authorize the Web Connection on FME Flow

Return to the Web Connections page. Click on the web connection associated with the web service. 
Edit Web Connection

Click Authorize. You will be prompted to log in with your Microsoft SharePoint credentials and accept the Azure app’s requested permission. Once authorized successfully, the web connection will have a green checkmark. Click OK to close the web connection.
Authorize Connection

The SharePoint web connection will now work on FME Flow.

Repeat the same process of modifying the web service and authorizing the web connection for your second SharePoint connection, if you have one. 
 

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.