
Admin and Client Azure App Registration for the Operations1 SharePoint Connector

How to configure access via Azure for the Operations1 PDF Report to SharePoint Connector

Written by Stefan Philipp
Updated over a week ago

Step 1: Create the Admin Service Principal

  1. Navigate to the Azure Portal → App registrations.

  2. Create a new App Registration to serve as the Admin Service Principal.

  3. Assign the following Microsoft Graph API permission:

    1. Sites.FullControl.All (Application type)

  4. Complete the registration.

    1. This application will act as the administrator and will have the ability to grant permissions to other service principals.

Step 2: Create the Client Service Principal

  1. Register a second application in App registrations to serve as the Client Service Principal.

  2. Assign the following Microsoft Graph API permission:

    1. Sites.Selected (Application type)

  3. This restricts the client’s access to only the sites explicitly granted.

    After registration, collect the following credentials from the Overview page:

    1. Tenant ID

    2. Client ID

    3. Client Secret

These will be required in the authentication step.

Step 3: Request an Access Token

Use the Client/Admin Service Principal’s credentials to request an access token.

POST https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token 
Content-Type: application/x-www-form-urlencoded

Request body

client_id=YOUR_CLIENT_ID 
scope=https://graph.microsoft.com/.default
client_secret=YOUR_CLIENT_SECRET
grant_type=client_credentials

Step 4: Grant Site Access to the Client Application

Use the Admin Service Principal credentials to grant the Client Service Principal access to the specific SharePoint site.

Request

POST https://graph.microsoft.com/v1.0/sites/{siteId}/permissions
Content-Type: application/json
Authorization: Bearer {ACCESS_TOKEN}

  • Use the access token acquired in Step 3 by entering the admin credentials.

Request body

{ 
  "roles": [
    "write"
  ],
  "grantedToIdentities": [
    {
      "application": {
        "id": "YOUR_APPS_CLIENT_ID",
        "displayName": "YOUR_APPS_NAME"
      }
    }
  ]
}
  • Replace {siteId} with the target SharePoint site ID.

  • Replace YOUR_APPS_CLIENT_ID and YOUR_APPS_NAME with the Client Service Principal’s details.

  • The role can be set to "read" or "write" depending on the required level of access.

Once access has been granted, the next step is to upload the files to the SharePoint site.
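
Steps 3 and 4 in Python, added here as an illustration and not code from Operations1 or Microsoft: the functions build the token request and the site-permission request without sending them (pass the result to urllib.request.urlopen to send). token_roles and is_least_privilege are hypothetical helper names that read the token's roles claim, so you can confirm the token the connector holds carries only Sites.Selected; the site ID and app values in the demo are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com"

def token_request(tenant_id, client_id, client_secret):
    """Step 3: client-credentials token request (built here, not sent)."""
    form = urllib.parse.urlencode({
        "client_id": client_id,
        "scope": f"{GRAPH}/.default",
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    return urllib.request.Request(url, data=form, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})

def grant_request(site_id, admin_token, client_app_id, client_app_name, role):
    """Step 4: grant the client app one role on one site (built, not sent)."""
    if role not in ("read", "write"):  # the two roles the article names
        raise ValueError("role must be 'read' or 'write'")
    payload = {"roles": [role], "grantedToIdentities": [
        {"application": {"id": client_app_id, "displayName": client_app_name}}]}
    # Quote the site ID so a stray '/' or '?' cannot change the request path.
    url = f"{GRAPH}/v1.0/sites/{urllib.parse.quote(site_id, safe=',')}/permissions"
    return urllib.request.Request(url, data=json.dumps(payload).encode(),
        method="POST", headers={"Content-Type": "application/json",
                                "Authorization": f"Bearer {admin_token}"})

def token_roles(access_token):
    """Return the 'roles' claim of an app-only token. Inspection only: the
    signature is not verified, so never use this for an access decision."""
    segment = access_token.split(".")[1]
    padded = segment + "=" * (-len(segment) % 4)
    return set(json.loads(base64.urlsafe_b64decode(padded)).get("roles", []))

def is_least_privilege(access_token):
    """True if the token the connector will hold carries only Sites.Selected."""
    return token_roles(access_token) == {"Sites.Selected"}

if __name__ == "__main__":  # offline demo with constructed placeholder values
    req = grant_request("contoso.sharepoint.com,SITE-GUID,WEB-GUID",
                        "ADMIN_TOKEN", "CLIENT-APP-ID", "Connector", "read")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

If is_least_privilege returns False for the token obtained with the client credentials, the wrong app registration (or an extra permission) is in use and the secret should not be handed to the connector.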
