Skip to main content

Service Principal (SP) creation and configuration for the Operations1 SharePoint Connector

How to configure to grant access via Azure for the Operations1 Report to SharePoint Connectors

Stefan Philipp avatar
Written by Stefan Philipp
Updated this week

IMPORTANT: Service Principal creation requires access to Azure Portal with admin user, which can provide consent for required permissions.

The steps below will guide you through the creation of client service principal and optionally admin service principal.

  • Client Service Principal is required to configure sharepoint connector in the Operations1 application.

  • Optional Admin Service Principal is only required to give Client Service Principal required permissions and won't be used for any else related to sharepoint connector.

STEP 1: Create Client Service Principal

a) Navigate to Azure Portal Microsoft Entra ID App registrations

b) Register a new application

c) Assign the following Microsoft Graph API permission:

d) Create secret from Client Service Principle

Step 2: Create the Admin Service Principal

IMPORTANT: This step is not strictly required if you already have a service principal which is able to grant permissions to the client service principal you have created above.

If you do continue to step 3.

Otherwise, create a new Service Principle which will only be needed for step 3.

a) Navigate to Azure Portal Microsoft Entra ID App registrations

b) Register a new application

c) Assign the following Microsoft Graph API permission:

d) Create secret for your Admin Service Principle

Step 3: Request an Access Token.

Use the Admin Service Principal’s credentials to request an access token.

curl -X POST "https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "client_id={AdminServicePrincipalClientId}" \ -d "scope=https%3A%2F%2Fgraph.microsoft.com%2F.default" \ -d "client_secret={AdminServicePrincipalSecret}" \ -d "grant_type=client_credentials"

  • Replace {TenantId} with your Tenant ID of Client Service Principal created in step 1.

  • Replace {AdminServicePrincipalClientId} with Admin Service Principal client id

  • Replace {AdminServicePrincipalSecret} with Admin Service Principal client secret

Output: A JSON object containing "access_token". Copy the "access_token" value for the next steps.

For more details see Microsoft Documentation

Step 4: Get the SharePoint Site ID

Use the access token from Step 3 to retrieve the Site ID.

curl -X GET "https://graph.microsoft.com/v1.0/sites/{hostname}:/{relative-path}" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN" | jq

Replace the placeholders:

  • hostname with your SharePoint hostname, e.g., contoso.sharepoint.com

  • relative-path with your Path to the site, e.g., /sites/Marketing

  • YOUR_ACCESS_TOKEN with token obtained from the step 3

Output: JSON response containing id (the Site ID). Save this for next step

Step 5: Grant Site Access to the Client Application

Use the Admin Service Principal credentials to grant the Client Service Principal access to the specific SharePoint site

curl -X POST "https://graph.microsoft.com/v1.0/sites/{SITE_ID}/permissions" \ -H "Authorization: Bearer {ACCESS_TOKEN}" \ -H "Content-Type: application/json" \ -d '{       "roles": ["write"],       "grantedToIdentities": [         {           "application": {             "id": "{APP_CLIENT_ID}",             "displayName": "{APP_DISPLAY_NAME}"           }         }       ]     }' | jq

Replace the placeholders:

  • SITE_ID with Site ID obtained from Step 4

  • ACCESS_TOKEN with access_token obtained from step 3

  • APP_CLIENT_ID with Client application’s client ID

  • APP_DISPLAY_NAME with Client application’s display name

* The role can be set to "read" or "write" depending on the required level of access.

The Client Application has been successfully granted permissions to the SharePoint site using the Admin Service Principal.

Use Client Application’s credentials (Client ID + Client Secret) and the tenant ID for connector configration.

Upload File to SharePoint via Sharing URL Using Operations1 SharePoint connector

Once the site is created, it should appear in SharePoint. To create a new document library:

  1. Click the New button on the site’s home page

  2. From the drop down menu, select Document Library.

3. Click Blank library.

4. Pop-up window will appear asking for the library details. Enter a Name for the document library and click Create.

5. After creation, navigate to the newly created document library.

7. To create a folder where the reports will be stored, click the New button again and select Folder from the dropdown menu.

8. A pop-up window will appear as shown in the screenshot. Enter a Folder Name and click Create.

9. First, navigate inside the folder that you created. Once inside the folder, click the Copy link button.

10. A pop-up window will appear with the generated link, as shown in the screenshot. Click Copy. The URL is now copied to your clipboard

11. Paste this URL into the SharePoint Location field within the Operations1 SharePoint Connector configuration, as shown in the screenshot below

Did this answer your question?