How to Create a SharePoint List Single Tenant Web Connection

Matt Meeboer

Introduction

This article will walk through configuring a SharePoint List Reader/Writer web connection in FME Form using a single tenant Azure app registration with delegated permissions. Delegated permissions allow a user to authorize a connection with their Microsoft credentials. 

To know if this is the right approach for you, and for a full list of all SharePoint connection articles, please first read Getting Started with Microsoft SharePoint.

Please note that Azure is subject to change at any time, so the instructions and screenshots in this article may be slightly different, but the concepts remain the same.

 

Requirements

 

Step-by-step Instructions

Part 1: Create the Azure App Registration

Before you can create a SharePoint Web Connection in FME Form, you must create an app registration in Microsoft Azure.


1. Register an App in the Azure Portal

Log in to the Azure portal and go to App Registrations.

Add a new registration.

Choose ‘Accounts in this organizational directory only (Single tenant)’. Leave the Redirect URI blank for now; we will update this in a later step. Click Register.

2. Obtain the Client ID and Tenant ID

On the new app’s Overview page, take note of the Application (client) ID and the Directory (tenant) ID - these will be used to configure the web service later.

Note: you can confirm that your app is a single tenant app if the value of ‘Supported account types’ is ‘My organization only’.


3. Add the Platform and Redirect URI

Click Authentication and then Add a platform. Choose Mobile and desktop applications.

For the Custom redirect URIs, enter: 

https://login.microsoftonline.com/[TENANT ID]/oauth2/nativeclient

Replace [TENANT ID] with the value of Directory (tenant) ID from the app registration overview.

Click Configure.

You should now see Mobile and desktop applications with the redirect URI added in the previous step enabled, as well as additional default URIs added by Azure.

4. Add Delegated API Permissions

Click API permissions and then Add a permission.

Choose SharePoint from Request API permissions.


Click Delegated permissions. Enable AllSites.Manage and MyFiles.Write. Click Add Permissions.



Once added, you should see the SharePoint AllSites.Manage and MyFiles.Write permissions in the list of Configured permissions.

Your single tenant Azure app registration is complete.

Part 2: Configure the Connection in FME Form

A SharePoint List Reader/Writer web service must be configured before the web connection can be created. Follow these steps:

1. Open Web Services

In FME Form, go to Tools > FME Options > Web Connections > Manage Services.


2. Create a New Web Service

On the Manage Web Services screen, click the plus sign below the list of web services and then Create From > Microsoft SharePoint Online (Template).

3. Populate the Web Service

Single Tenant applications cannot use the /common/ endpoints. The ‘/common/’ endpoints are for multitenant Azure app registrations. Replace all instances of /common/ with your Tenant ID. 

  1. Web Service Name: provide a unique name. It’s recommended to include the transformer that this web service will be used for and the Azure app registration name, so that you can cross-reference it.
  2. Client ID: the Application (client) ID from the SharePoint single tenant app
  3. Optional: leave this enabled - the client secret needs to be added in FME Flow
  4. Redirect URI: https://login.microsoftonline.com/[TENANT ID]/oauth2/nativeclient
  5. Authorization Parameters URL: Replace common with your Tenant ID
  6. Authorization Parameters URL: Replace [TENANT] with your SharePoint subdomain. For example, https://xyzcompany.sharepoint.com
  7. Retrieve Token Parameters URL: Replace common with your Tenant ID
  8. Refresh Token Parameters URL: Replace common with your Tenant ID
  9. Refresh Token Parameters Request Format: add &client_secret=[CLIENT_SECRET] after [CLIENT_ID], unless it is already present

It’s also important to ensure that the web service’s Redirect URI value matches the custom redirect URI that was applied to the Azure registered application in Create the Azure App Registration step 3. If these two values do not match, the web service will not function properly.

Click Apply.
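
The step 3 values can be checked for consistency with a short script. This is an added example, not part of the original article or of FME: the dictionary key names are hypothetical labels for the web service fields, the tenant ID and URLs are constructed samples, and the check goes slightly beyond the text by also flagging Microsoft's other shared aliases (organizations, consumers) alongside /common/.

```python
import re
from urllib.parse import urlsplit

LOGIN_HOST = "login.microsoftonline.com"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
SHARED_ALIASES = {"common", "organizations", "consumers"}  # shared, not tenant-specific

def tenant_segment(url):
    """First path segment of a login.microsoftonline.com URL, or None for other hosts."""
    parts = urlsplit(url)
    if parts.hostname != LOGIN_HOST:
        return None
    segments = [s for s in parts.path.split("/") if s]
    return segments[0] if segments else None

def check_web_service(settings, tenant_id, registered_redirect_uri):
    """Return findings for the step 3 fields; an empty list means they are consistent."""
    findings = []
    if not GUID.match(tenant_id):
        findings.append("tenant_id: not a GUID")
    for name in ("authorization_url", "retrieve_token_url", "refresh_token_url"):
        seg = tenant_segment(settings[name])
        if seg is None:
            findings.append(f"{name}: not a {LOGIN_HOST} endpoint")
        elif seg.lower() in SHARED_ALIASES:
            findings.append(f"{name}: still uses /{seg}/, replace it with the Tenant ID")
        elif seg.lower() != tenant_id.lower():
            findings.append(f"{name}: tenant segment '{seg}' is not the Tenant ID")
    # The article requires the two redirect URIs to match, so compare them exactly.
    if settings["redirect_uri"] != registered_redirect_uri:
        findings.append("redirect_uri: differs from the app registration's redirect URI")
    return findings

# Constructed sample values; the key names are hypothetical labels for the FME fields.
TENANT = "11111111-2222-3333-4444-555555555555"
REGISTERED = f"https://{LOGIN_HOST}/{TENANT}/oauth2/nativeclient"
SAMPLE = {
    "authorization_url": f"https://{LOGIN_HOST}/{TENANT}/oauth2/v2.0/authorize",
    "retrieve_token_url": f"https://{LOGIN_HOST}/{TENANT}/oauth2/v2.0/token",
    "refresh_token_url": f"https://{LOGIN_HOST}/common/oauth2/v2.0/token",  # missed
    "redirect_uri": REGISTERED + "/",  # trailing slash: no longer an exact match
}

if __name__ == "__main__":
    for finding in check_web_service(SAMPLE, TENANT, REGISTERED):
        print(finding)
```

The check only inspects the first path segment of each endpoint, so it does not depend on the exact endpoint paths the FME template uses.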

 

4. Test the Web Service

Scroll down to the bottom of the web service and click Test. 
When prompted, enter your Microsoft credentials. If prompted by Microsoft to grant permissions to the Azure app, click Accept. 



You may be prompted to request admin approval after providing your Microsoft SharePoint credentials. If you or your Azure Administrator already approved the application in Azure, you should modify the Authorization URL under the Authorization Parameters section of the SharePoint web service:

  1. Find ‘&prompt=consent’, change it to ‘&prompt=login’, and retest.
  2. If that doesn’t work, try removing the ‘&prompt=’ parameter and value and retest.

For more information, refer to Microsoft documentation: Send the sign-in request

Once the web service test is successful, you can create a web connection. Close the Manage Web Services dialog to return to the Web Connections menu.

5. Create the Web Connection

From Web Connections, click the plus (+) button to add a new connection.


Choose the web service you created and give the connection a unique name. Click OK.


You will be prompted again to authenticate with Microsoft. 

After successfully authenticating, your web connection and service are ready to use in FME Form. Note that the Microsoft account you authenticate with must have access to the SharePoint lists you want to connect to in FME. 

 

If you encounter issues authenticating your SharePoint connection, please see Troubleshooting SharePoint Web Connections and Services.

If you want to use your connection in FME Flow, please see How to Create a SharePoint Single Tenant Web Connection for FME Flow.
