Using SharePoint App-Only authentication in Aquaforest Products

To give Aquaforest products access to SharePoint using app-only context, you will need to create an App Registration and give it access to the site(s) you want to process.

There are 2 ways to create an App Registration:

  1. App registration via Azure AD [blog]
    This option requires giving full control access to the whole SharePoint tenant, which may not be ideal for certain users.
  2. App registration through SharePoint
    This option allows you to give permissions to the whole tenant as well as per site.

In this blog we will discuss how to use the second option.

To create an app registration via SharePoint, navigate to the following URL (replace [tenant] with your tenant):
https://[tenant].sharepoint.com/_layouts/15/appregnew.aspx

Generate the Client Id and Client Secret and make a note of them. Fill in the remaining information as shown below.

Click on Create

The next step is to grant permissions to the newly created app registration.

Grant access to a specific site

To grant permissions to a specific site, e.g. https://[tenant].sharepoint.com/sites/mysite, navigate to https://[tenant].sharepoint.com/sites/mysite/_layouts/15/appinv.aspx (replace [tenant] with your actual tenant)

Enter the App Id generated previously and click on Lookup

For Permission Request XML, enter the following:

<AppPermissionRequests AllowAppOnlyPolicy="true">
 <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>

Right can have the following values:

  • Read
  • Write
  • Manage
  • FullControl

You should have something like this:

Click on Create

You will be presented with a new consent dialog. Click on Trust It

This will give access only to the one site collection.

Grant access to the whole tenant

To grant permissions to the whole tenant, navigate to the following URL (replace [tenant] with your actual tenant):
https://[tenant]-admin.sharepoint.com/_layouts/15/appinv.aspx

Enter the App Id generated previously and click on Lookup

For Permission Request XML, enter the following:

<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

You should have something like this:

Click on Create

You will be presented with a new consent dialog. Click on Trust It

This will give access to all site collections in your tenant.

Enter the Client Id and Client Secret in the Aquaforest application

For instance, if you want to use App-Only Authentication in Aquaforest Searchlight (version 2.5 and above):

Under Library Settings, click on Add new Location
Select App-Only Authentication and fill in the Client Id and Client Secret


Author

Shrevin Sookun

Software Development Manager

Categories

Archive

Share Post

Related Posts

Ensure Your Documents are Fully Text Searchable with Aquaforest Searchlight Why Can’t I Find That PDF? So you have just spent half an hour…
Document discovery is a fundamental process that lays the foundation for effective document auditing and content organization. It provides organizations with a comprehensive understanding…
On first encounter it can be difficult to differentiate between Searchlight and PDF Connector. They both OCR image PDFs (PDFs where the majority of…