How to Create a SharePoint List Multitenant Web Connection

Matt Meeboer

Introduction

This article will walk through configuring a SharePoint List Reader/Writer web connection in FME Form using a multitenant Azure app registration with delegated permissions. Delegated permissions allow a user to authorize a connection with their Microsoft credentials. 

Please read Getting Started with Microsoft SharePoint to determine if this is the right approach for you and for a full list of all SharePoint connection articles. 

Please note that Azure is subject to change at any time, so the instructions and screenshots in this article may be slightly different, but the concepts remain the same.

 

Requirements

 

Step-by-step Instructions

Part 1: Create the Azure App Registration

Before creating a SharePoint Web Connection in FME Form, you must create an app registration in Microsoft Azure.


1. Register an App in the Azure Portal

Log in to the Azure portal and go to App Registrations.

Add a new registration.

Choose ‘Accounts in any organization directory (Any Azure AD - directory - Multitenant)’. Leave the Redirect URI blank for now; we will update it in a later step. Click Register.


2. Obtain the Client ID and Tenant ID

On the new app’s Overview page, take note of the Application (client) ID and the Directory (tenant) ID - these will be used to configure the web service later.

Note: you can confirm that your app is multitenant by checking that the value of ‘Supported account types’ is ‘Multiple organizations’.



3. Add the Platform and Redirect URI

Click Authentication and then Add a platform. Choose Mobile and desktop applications.


For the Custom redirect URIs, enter: 

https://login.microsoftonline.com/common/oauth2/nativeclient


Click Configure.


You should now see Mobile and desktop applications with the redirect URI added in the previous step enabled, as well as additional default URIs added by Azure.


4. Add Delegated API Permissions

Click API permissions and then Add a permission.

Choose SharePoint from Request API permissions.


Click Delegated permissions. Enable AllSites.Manage and MyFiles.Write. Click Add Permissions.



Once added, you should see the SharePoint AllSites.Manage and MyFiles.Write permissions in the list of Configured permissions.

Your multitenant Azure app registration is complete.

Part 2: Configure the Connection in FME Form

A SharePoint List Reader/Writer web service must be configured before the web connection can be created. Follow these steps:

1. Open Web Services

In FME Form, go to Tools > FME Options > Web Connections > Manage Services.


2. Create a New Web Service

On the Manage Web Services screen, click the plus sign below the list of web services and then Create From > Microsoft SharePoint Online (Template).

3. Populate the Web Service

  1. Web Service Name: provide a unique name. It’s recommended to include the transformer that this web service will be used for and the Azure app registration name, so that you can cross-reference it.
  2. Client ID: the Application (client) ID from the SharePoint multitenant app 
  3. Optional: leave this enabled
  4. Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient
  5. Authorization Parameters URL: replace [TENANT] with your SharePoint subdomain. For example, https://xyzcompany.sharepoint.com
  6. Refresh Token Parameters Request Format: add &client_secret=[CLIENT_SECRET] after [CLIENT_ID], unless it is already present

It’s also important to ensure that the web service’s Redirect URI value matches the custom redirect URI that was applied to the Azure registered application in Part 1: Create the Azure App Registration, step 3. If these two values do not match, the web service will not function properly.

Click Apply.

 

4. Test the Web Service

Scroll down to the bottom of the web service and click Test. 
When prompted, enter your Microsoft credentials. If Microsoft prompts you to grant permissions to the Azure app, click Accept. 

You may be prompted to request admin approval after providing your Microsoft SharePoint credentials. If you or your Azure Administrator already approved the application in Azure, you should modify the Authorization URL under the Authorization Parameters section of the SharePoint web service:

  1. Find ‘&prompt=consent’, change it to ‘&prompt=login’, and retest.
  2. If that doesn’t work, try removing the ‘&prompt=’ parameter and value and retest.

For more information, refer to the Microsoft documentation: Send the sign-in request.
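
The redirect URI match required in step 3 and the two prompt changes described above can be checked outside the dialog before retesting. This is an added example, not code from FME or from the original article; the sample Authorization URL is constructed for illustration (its endpoint and scope are assumptions), and the function names are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit, unquote

# Redirect URI registered on the Azure app (Part 1, step 3).
REGISTERED_REDIRECT_URI = "https://login.microsoftonline.com/common/oauth2/nativeclient"

# Constructed sample, not FME's template: paste the real Authorization URL here.
SAMPLE_AUTH_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=[CLIENT_ID]&response_type=code"
    "&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient"
    "&scope=https%3A%2F%2Fxyzcompany.sharepoint.com%2FAllSites.Manage"
    "&prompt=consent"
)

def _split(auth_url):
    """Return the parsed URL and its query as raw (key, '=', value) triples."""
    parts = urlsplit(auth_url)
    return parts, [p.partition("=") for p in parts.query.split("&") if p]

def redirect_uri_matches(auth_url, registered=REGISTERED_REDIRECT_URI):
    """True only if exactly one redirect_uri is present and it equals the
    registered value character for character after percent-decoding."""
    _, pairs = _split(auth_url)
    return [unquote(v) for k, _, v in pairs if k == "redirect_uri"] == [registered]

def set_prompt(auth_url, value=None):
    """Change an existing prompt value, or drop the parameter when value is None.
    Other parameters and [PLACEHOLDER] tokens are left byte-for-byte intact."""
    parts, pairs = _split(auth_url)
    kept = []
    for k, sep, v in pairs:
        if k == "prompt":
            if value is None:
                continue
            v = value
        kept.append(k + sep + v)
    return urlunsplit(parts._replace(query="&".join(kept)))

def retest_candidates(auth_url):
    """The two URLs to try, in the order the article gives them."""
    return [set_prompt(auth_url, "login"), set_prompt(auth_url, None)]

if __name__ == "__main__":
    print("redirect URI matches:", redirect_uri_matches(SAMPLE_AUTH_URL))
    for n, url in enumerate(retest_candidates(SAMPLE_AUTH_URL), 1):
        print(f"retest {n}: {url}")
```

A trailing slash or a different path on the redirect URI makes redirect_uri_matches return False, which is the mismatch that stops the web service from working.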

Once the web service test is successful, you can create a web connection. Close the Manage Web Services dialog to return to the Web Connections menu.


5. Create the Web Connection

From Web Connections, click the plus (+) button to add a new connection.


Choose the web service you created and give the connection a unique name. Click OK.


You will be prompted again to authenticate with Microsoft. 

After successfully authenticating, your web connection and service are ready to use in FME Form. Note that the Microsoft account you authenticate with must have access to the SharePoint lists you want to connect to in FME. 

 

If you encounter issues authenticating your SharePoint connection, please see Troubleshooting SharePoint Web Connections and Services.

If you want to use your connection in FME Flow, please see How to Create a SharePoint Multitenant Web Connection for FME Flow.
