How to Create a SharePoint Web Connection for FME Form [Multitenant]

Matt Meeboer

FME Version

  • FME 2023.0

Introduction

This article walks through configuring a SharePoint Online web service for FME Form (formerly FME Desktop) using a multitenant Microsoft Azure app and your own Client ID. If you’re not sure of the difference between single-tenant and multitenant apps, please review the Microsoft documentation on tenancy. If you are configuring for single tenant, please see How to Create a SharePoint Web Connection for FME Form [Single Tenant].

These instructions are applicable for the SharePoint web connection used by the Microsoft SharePoint Reader/Writer and Microsoft SharePoint Online Connector from the FME Hub, but please note that a different web service template is used for each. 

If you are unsure whether you should be using the SharePoint Reader/Writer or the SharePoint Online Connector, please refer to this article: SharePoint List Reader or SharePoint Online Connector - which should I use?

Please note that Azure is subject to change at any time, so the instructions and screenshots in this article may be slightly different, but the concepts remain the same.

 

Requirements

  • Access to your Azure Portal and permissions to create an App Registration

 

Create the Azure App Registration

To successfully use your SharePoint Web Connection in FME Form, you must create an app registration in Microsoft Azure with a Client ID and Client Secret. 

1. Register an Application in the Azure Portal

Log in to the Azure portal and go to App Registrations. 

Add a new registration.

Choose Accounts in any organizational directory (Any Azure AD directory - Multitenant). Leave the Redirect URI blank for now; we will update this in a later step. Click Register.

Once the app registration has been created, the overview page will show Multiple organizations, indicating that your app is multitenant.

2. Obtain the Client ID

Take note of the Application (client) ID - this will be used to configure the web service later.

3. Add the Platform and Redirect URI

Click Authentication and then Add a platform. Choose Mobile and desktop applications.

For the redirect URI, enter: 

https://login.microsoftonline.com/common/oauth2/nativeclient

Click Configure.


You should now see Mobile and desktop applications with the redirect URI added in the previous step enabled, as well as additional default URIs added by Azure.


4. Add Application API Permissions

Click API permissions and then Add a permission.

The permissions you add depend on what SharePoint transformers you are using, because the SharePoint List Reader/Writer uses a different API than the SharePoint Online Connector transformer. If you want to use the same Azure app registration for both, make sure to add the permissions required for both.

For the SharePoint List Reader and Writer, scroll down and click SharePoint.

Click Delegated permissions. Enable AllSites.Manage and MyFiles.Write. Click Add Permissions.
At this time FME does not support Application permissions. If this is necessary for your organization please submit a case and reference FMEENGINE-79472 in the description.

For the SharePoint Online Connector from the FME Hub, choose Microsoft Graph from Request API permissions. 

Click Delegated permissions. Enable Sites.ReadWrite.All. Click Add Permissions.
At this time FME does not support Application permissions. If this is necessary for your organization please submit a case and reference FMEENGINE-79472 in the description.

Once added, you should see the permissions in the list of Configured permissions.

Your multitenant Azure app registration is complete. 
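
One way to check the finished registration against steps 1 to 4, as an added example (not Safe Software's or Microsoft's code): it audits the JSON returned by `az ad app show --id <client-id>` for the multitenant audience, the native-client redirect URI, and delegated-only permissions. The sample JSON and its permission ids are constructed placeholders, and flagging permissions on any API other than SharePoint or Microsoft Graph is this example's own policy.

```python
import json

REDIRECT_URI = "https://login.microsoftonline.com/common/oauth2/nativeclient"
# Well-known resource application IDs of the two APIs named in step 4.
KNOWN_APIS = {
    "00000003-0000-0ff1-ce00-000000000000": "SharePoint",
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
}

def audit_registration(app):
    """Return findings for an app registration; an empty list means it matches the steps above."""
    findings = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("not multitenant: signInAudience should be AzureADMultipleOrgs")
    uris = (app.get("publicClient") or {}).get("redirectUris") or []
    if REDIRECT_URI not in uris:
        findings.append("nativeclient redirect URI missing from publicClient.redirectUris")
    configured = set()
    for resource in app.get("requiredResourceAccess") or []:
        api = KNOWN_APIS.get(resource.get("resourceAppId"))
        if api is None:
            findings.append(f"permissions on an unexpected API: {resource.get('resourceAppId')}")
            continue
        configured.add(api)
        for perm in resource.get("resourceAccess") or []:
            # type "Scope" is a delegated permission, "Role" an application permission.
            if perm.get("type") != "Scope":
                findings.append(f"{api}: {perm.get('id')} is not a delegated permission")
    if not configured:
        findings.append("no SharePoint or Microsoft Graph permissions configured")
    return findings

# Constructed sample in the shape of `az ad app show --id <client-id>` output.
# The permission ids are placeholders, not real scope GUIDs.
SAMPLE = json.loads("""
{
  "signInAudience": "AzureADMultipleOrgs",
  "publicClient": {"redirectUris": ["https://login.microsoftonline.com/common/oauth2/nativeclient"]},
  "requiredResourceAccess": [
    {"resourceAppId": "00000003-0000-0000-c000-000000000000",
     "resourceAccess": [{"id": "placeholder-delegated-scope", "type": "Scope"},
                        {"id": "placeholder-app-role", "type": "Role"}]}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE):
        print("FINDING:", finding)
```
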

 

Configure the Connection in FME Form

The SharePoint List Reader and Writer, and the SharePoint Online Connector, use different web service templates. Continue below to configure the SharePoint List Reader and Writer. If you only want to configure the SharePoint Online Connector, skip to the SharePoint Online Connector (FME Hub) section below.

SharePoint List Reader and Writer

A SharePoint web service and connection must be configured in FME Form. The connection can then be used in a workspace with the SharePoint List Reader or Writer. To use the connection on FME Flow, the workspace and web connection need to be published.  The SharePoint List Reader/Writer and SharePoint Online Connector use different connection templates, but both can use the same Azure app registration, provided the correct permissions have been granted. 

To configure a connection for the SharePoint List Reader and Writer:

1. Open Web Services

In FME Form, go to Tools > FME Options > Web Connections > Manage Services…

2. Create a New Web Service

On the Manage Web Services screen, click Create From > Microsoft SharePoint Online (Template)

3. Populate the Web Service

  1. Web Service Name: provide a unique name
  2. Client ID: the Application (client) ID from the SharePoint multitenant app 
  3. Optional: leave this enabled
  4. Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient
  5. Authorization Parameters URL: Replace [TENANT] with your SharePoint subdomain. For example, https://xyzcompany.sharepoint.com
  6. Refresh Token Parameters Request Format: add &client_secret=[CLIENT_SECRET] after [CLIENT_ID]


Click Apply.


The new web service should now be in the list of web services on the left. 

Important: At this point the web service will only work in FME Form. A client secret must be added before SharePoint will communicate with FME Flow. We do not add it in FME Form because SharePoint Online does not ‘trust’ desktop applications with a client secret; you would receive a 401 error in FME Form if you added it at this stage. However, SharePoint requires the client secret for web applications like FME Flow.

For more information, please refer to Microsoft’s documentation: Request an access token with a client_secret

 

If you wish to use your SharePoint web service on FME Flow, complete all steps in this article first and then continue to the FME Flow article linked at the bottom.

4. Test the Web Service

Scroll down to the bottom of the web service and click Test.  
When prompted, enter your Microsoft SharePoint credentials. If prompted by Microsoft to grant permissions to the Azure app, click Accept. 
Note: you must have access to the SharePoint site you are trying to connect to.

5. Create the Web Connection

Close Web Services. From Web Connections, click the plus (+) button to add a new connection.

Choose the web service you created and give the connection a unique name. Click OK. 

You will be prompted again to authenticate with Microsoft. After successfully authenticating, your web connection is ready to use in FME Form. 

If you need to create a connection for the SharePoint Online Connector, continue to the next section. 

If you want to use your connection in FME Flow, please see How to Create a SharePoint Web Connection for FME Flow [Multitenant].
 

SharePoint Online Connector (FME Hub)

If you plan to use the SharePoint Online Connector from the FME Hub in addition to, or instead of, the SharePoint List Reader and Writer, then you will need a separate web service and connection. The process is almost identical to setting up the SharePoint List Reader and Writer connection, but a different template is used. This is because the SharePoint List Reader/Writer and the SharePoint Online Connector use different APIs.

To configure a connection for the SharePoint Online Connector:

1. Open Web Services

In FME Form, go to Tools > FME Options > Web Connections > Manage Services…

2. Create a New Web Service
On the Manage Web Services screen, click Create From > Microsoft SharePoint Online (safe.microsoft-sharepoint)
Note: in FME Form versions prior to 2023, you will not be able to create a new web service from the Microsoft SharePoint Online (safe.microsoft-sharepoint) template - you will need to instead modify the existing template web service.


3. Populate the Web Service

  1. Web Service Name: provide a unique name
  2. Client ID: the Application (client) ID from the SharePoint multitenant app 
  3. Optional: leave this checked 
  4. Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient


Click Apply.

4. Test the Web Service
Scroll down to the bottom of the web service and click Test.  
When prompted, enter your Microsoft SharePoint credentials. If prompted by Microsoft to grant permissions to the Azure app, click Accept. 

Note: you must have access to the SharePoint site you are trying to connect to.

Tip: if testing the web service requires admin consent and you have already consented in the Azure app registration, modify the URL under Authorization Parameters: find &prompt=consent in the authorization URL and change it to &prompt=none.
For more information refer to Microsoft documentation: Send the sign-in request


5. Create the Web Connection
Close Web Services. From Web Connections, click the plus (+) button to add a new connection.

Choose the web service you created and give the connection a unique name. Click OK. 

You will be prompted again to authenticate with Microsoft. After successfully authenticating, your web connection and service are ready to use in FME Form.

If you encounter issues authenticating your SharePoint connection, please see Troubleshooting SharePoint Web Connections and Services.

If you want to use your connection in FME Flow, please see How to Create a SharePoint Web Connection for FME Flow [Multitenant].
