Introduction
This article walks through configuring a SharePointOnlineConnector web connection in FME Form using an Azure app registration with application permissions. With application permissions, FME authenticates as the app itself, using the app's client ID and client secret, so no Microsoft user credentials are needed to authorize the connection.
To know if this is the right approach for you, and for a full list of all SharePoint connection articles, please first read Getting Started with Microsoft SharePoint.
Please note that Azure is subject to change at any time, so the instructions and screenshots in this article may be slightly different, but the concepts remain the same.
Requirements
- Administrator access to your Microsoft Azure Portal to create an app registration and grant admin consent
- FME 2024.1 Build 24594 or later with SharePoint Online package version 1.2 or later from the FME HUB
Step-by-step Instructions
Part 1: Create the Azure App Registration
Before you can create a SharePoint Web Connection in FME Form, you must create an app registration in Microsoft Azure.
1. Register an App in the Azure Portal
Log in to the Azure portal and go to App Registrations.
Add a new registration.
If you’re registering a Multitenant application, choose ‘Accounts in any organization directory (Any Azure AD - directory - Multitenant)’. For a single tenant application, choose ‘Accounts in this organizational directory only’. The Redirect URI can be left empty. The example in the screenshot below shows a multitenant registration.
Click Register.
2. Obtain the Client ID and Tenant ID
On the new app’s Overview page, take note of the Application (client) ID and the Directory (tenant) ID - these will be used to configure the web connection in FME later.
Note: you can confirm that your app is a multitenant app if the value of ‘Supported account types’ is ‘Multiple organizations’. If it is single tenant, the value will be ‘My organization only’.
3. Add Application API Permissions
Click API permissions and then Add a permission.
Choose Microsoft Graph from Request API permissions.
Click Application permissions. Search for and then check off Sites.ReadWrite.All. Click Add Permissions.
Once added, you should see the Sites.ReadWrite.All permissions in the list of Configured permissions. Since this permission requires admin consent, click ‘Grant admin consent…’
Confirm that the Status is now Granted.
If you wish to assign more restrictive permissions, you can use a combination of Sites.Read.All and Files.ReadWrite.All instead of Sites.ReadWrite.All. Other permissions may also work, but may require you to perform additional configuration and testing that is outside the scope of this article.
4. Create a Client Secret
Click Certificates & secrets and then 'New client secret'.
Give your client secret a description and expiry. Click Add.
Once your client secret expires, you will need to create a new one and update your web connection to continue connecting to SharePoint.
After clicking Add, make sure to copy the secret value (not the Secret ID) and store it in a safe place, like a password manager. You will only get one chance to save the secret value! You can create another secret if needed.
Your Azure app registration is complete.
Part 2: Configure the Connection in FME Form
Application permissions use a simple OAuth 2.0 client credentials flow, so configuring a web service is not required before creating a web connection. To learn more, please read Getting Started with Microsoft SharePoint. Follow the steps below to create a web connection:
1. Create a New Web Connection
From Web Connections, click the plus (+) button to add a new connection.
2. Populate the Web Connection
- Web Service: choose the ‘Microsoft Graph (App Only)’ web service. This web service comes with the SharePoint Online package from the FME HUB.
- Connection Name: provide a unique name. It’s recommended to include the transformer that this web service will be used for and the Azure app registration name, so that you can cross-reference it.
- Tenant ID: the Directory (tenant) ID from the SharePoint app registration
- Client ID: the Application (client) ID from the SharePoint app registration
- Client Secret: the Client Secret value from the client secret you added to the SharePoint app registration
Click OK.
After clicking OK, FME will use the web connection to obtain an access token from Azure. If you receive an Access Token Generation Failed error, like the example below, re-confirm your settings and try again.
If you do not receive an error, then your web connection is ready to use in FME Form.
This connection can also be published to and used in FME Flow without additional configuration or authorization.
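To check the three values outside FME, and to confirm which application permissions the issued token actually carries, the following added example (not part of FME or of the original article) builds the standard Microsoft identity platform client credentials request and compares the token's roles claim with the permissions you intended to grant. That FME sends this same request is an assumption; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import urllib.parse
import urllib.request

GRAPH_SCOPE = "https://graph.microsoft.com/.default"


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the OAuth 2.0 client credentials grant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": GRAPH_SCOPE}
    return url, urllib.parse.urlencode(form).encode()


def fetch_token(tenant_id, client_id, client_secret):
    """POST the request; wrong IDs or secret raise urllib.error.HTTPError."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=30) as resp:
        return json.load(resp)["access_token"]


def token_roles(access_token):
    """Decode the JWT payload (diagnostic only, no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))


def audit_roles(access_token, expected):
    """Return (missing, unexpected) application permissions."""
    granted = token_roles(access_token)
    return sorted(set(expected) - granted), sorted(granted - set(expected))


def make_sample_token(roles):
    """Constructed, unsigned token so the check can be shown offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])


if __name__ == "__main__":
    # Constructed token: Mail.Read stands in for a permission nobody intended.
    sample = make_sample_token(["Sites.ReadWrite.All", "Mail.Read"])
    print(audit_roles(sample, ["Sites.ReadWrite.All"]))
```

With real values, pass the result of fetch_token(tenant_id, client_id, client_secret) to audit_roles; a permission listed as missing usually means admin consent was not granted in Part 1. Treat the returned token like the client secret and do not log or share it.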