Application Configuration in Azure Portal for OAuth2 Account to use in SharePoint Online


Overview

The Snaps in the SharePoint Online Snap Pack require an OAuth2 account to access the resources in Azure. For the OAuth2 account to authorize successfully, create and configure an application corresponding to the account, as shown in the workflow.

[Figure: Azure workflow with numbered steps (Azure_workflow_with_number.png)]

You must complete steps one to three in the Azure Portal and the remaining steps in the Snap account (SnapLogic® Platform).

Prerequisites

An Azure account with a free subscription to create the application.

Key Steps in the Workflow

Create an Application in the Azure Portal

  1. Log in to the Microsoft Azure Portal.

  2. Navigate to Azure services > Microsoft Entra ID.

  3. Navigate to Add > App registration.

  4. On the Register an application page, specify the name for registering the application and click Register. Learn more about creating an application at Quickstart: Register an app in the Microsoft identity platform - Microsoft identity platform.

To use an existing application, navigate to Portal Home > Azure Active Directory > App registrations > All applications. In the search box, specify the application name you want to use. Details on the application display in the search list.

Define Permissions

  1. On the navigation panel, navigate to Manage, select API permissions > Add a permission.

  2. On the Request API permissions window, select Microsoft Graph > Application permissions for the Application Account.

  3. Select the required permissions from Files, Users, and Teams. Choose the minimum API permissions listed under Scopes and Permissions Required for SharePoint Online.

  4. Click Add Permissions. View all the permissions added under Configured permissions.

  5. Click Grant admin consent confirmation and select Yes.

  6. In the navigation panel, click Overview and select Add a Redirect URI. You will be redirected to the Platform configurations page.

    1. Under Platform configurations, click Add a platform.

      The Configure platforms window displays.

    2. Select Web and specify the Redirect URI in the following format:
      https://<control-plane-name>.snaplogic.com/api/1/rest/admin/oauth2callback/<snap-pack-name>
      where the <control-plane-name> corresponds to the domain part of your SnapLogic URL: elastic (global control plane) or emea (EMEA control plane).
      For example:
      https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/sharepointonline
      https://emea.snaplogic.com/api/1/rest/admin/oauth2callback/sharepointonline

    3. Click Configure. A popup message displays indicating that the application is successfully updated.

  7. On the Platform configurations page, click Save. The Redirect URIs are added to the application.
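The redirect URI registered in Azure has to match the format above exactly, and a near-miss (wrong scheme, trailing slash, extra host labels) is what produces the redirect URI mismatch error listed under Troubleshooting. The following check is an added example, not SnapLogic or Microsoft code; the function name and the sample inputs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Control-plane names and callback path come from the format given on this page.
CONTROL_PLANES = {"elastic", "emea"}
CALLBACK_PREFIX = "/api/1/rest/admin/oauth2callback/"


def check_redirect_uri(uri, snap_pack="sharepointonline"):
    """Return a list of problems; an empty list means the URI fits the format."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""  # lower-cased, without port or userinfo
    labels = host.split(".")
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if len(labels) != 3 or labels[0] not in CONTROL_PLANES or labels[1:] != ["snaplogic", "com"]:
        problems.append("host must be <control-plane-name>.snaplogic.com")
    if parts.netloc.lower() != host:
        problems.append("authority must not carry a port or userinfo")
    if parts.path != CALLBACK_PREFIX + snap_pack:
        problems.append("path must be exactly " + CALLBACK_PREFIX + snap_pack)
    if parts.query or parts.fragment:
        problems.append("query string and fragment are not allowed")
    return problems


# Constructed inputs: the two URIs from the page plus common near-misses.
BASE = "https://elastic.snaplogic.com" + CALLBACK_PREFIX + "sharepointonline"
SAMPLES = [
    BASE,
    BASE.replace("elastic", "emea"),
    BASE.replace("https://", "http://"),
    BASE + "/",
    BASE.replace("snaplogic.com", "snaplogic.com.example.net"),
    BASE + "?state=1",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(uri, "->", check_redirect_uri(uri) or "OK")
```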

Locate the Application Credentials in the Azure Portal

To authorize your account in SnapLogic, you must have the following application credentials:

  • Application (Client) ID

  • Directory (tenant) name

  • Client secret value

  1. On the application page, navigate to Overview.

  2. On the application page, under Essentials, note the Application (client) ID and Directory (tenant) name needed for the Snap account.

  3. In the left navigation panel, select Manage > Certificates & secrets.

  4. On the Certificates & secrets page, click + New client secret.

  5. In the Add a client secret window, enter the Description, select an option for Expires from the dropdown list, and click Add.

    The Client value and Secret ID are generated. The value of Client secret is required to configure the OAuth2 account.

You can copy the Client secret value only after it is generated. Note that this value is displayed only once, so make sure to copy it securely.
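Because the secret carries the expiry chosen under Expires, and an expired secret surfaces later as the Error 500 described under Troubleshooting, it helps to track expiry dates ahead of time. The following is an added example, not part of the original page: it classifies secrets from a constructed list shaped like an app registration's passwordCredentials (the field names displayName, keyId, and endDateTime follow Microsoft Graph; the 30-day warning window and all sample values are assumptions).

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the passwordCredentials list of an app
# registration (for example, the output of `az ad app credential list`).
SAMPLE = json.loads("""
[
  {"displayName": "snaplogic-sharepoint",
   "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2025-03-01T00:00:00Z"},
  {"displayName": "snaplogic-sharepoint-new",
   "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2025-09-01T08:30:00.1234567Z"},
  {"displayName": "old-test",
   "keyId": "00000000-0000-0000-0000-000000000003",
   "endDateTime": "2024-12-31T23:59:59Z"}
]
""")


def parse_utc(stamp):
    """Parse a UTC timestamp with a 'Z' suffix, dropping fractional seconds."""
    base = stamp.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def classify_secrets(credentials, now, warn_days=30):
    """Return {keyId: "expired" | "expiring" | "ok"} relative to `now`."""
    status = {}
    for cred in credentials:
        end = parse_utc(cred["endDateTime"])
        if end <= now:
            status[cred["keyId"]] = "expired"
        elif end - now <= timedelta(days=warn_days):
            status[cred["keyId"]] = "expiring"
        else:
            status[cred["keyId"]] = "ok"
    return status


if __name__ == "__main__":
    for key_id, state in classify_secrets(SAMPLE, datetime.now(timezone.utc)).items():
        print(key_id, state)
```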

Scopes and Permissions Required for SharePoint Online

For more information, refer to User permissions and permission levels in SharePoint Server.

Application permissions

| Permission | Display String | Description | Admin Consent Required? |
| --- | --- | --- | --- |
| Sites.Read.All | Sites.Read.All | Allows reading the lists on the SharePoint site. | Yes |
| Sites.Manage.All | Sites.Manage.All | Allows adding a new list to a SharePoint site. | Yes |
| Sites.FullControl.All | Sites.FullControl.All | Allows creating new list items in a SharePoint list. | Yes |
| Sites.ReadWrite.All | Sites.ReadWrite.All | Allows creating new list items in a SharePoint list. | Yes |
| offline_access | offline_access | Allows reading and updating user data, even when users are not currently using the registered app. This permission is mandatory in Azure Services API permissions for the refresh token. | Yes |

Specify the credentials and authorize the Snap Account

  1. Navigate to the Snap of your choice and configure the OAuth2 account with the details from the Azure portal's registered application. Refer to SharePoint Online account.

  2. Select the Auto-refresh token checkbox in the account settings and click Apply.

  3. Click Authorize. The Access and Refresh tokens are generated. You will be redirected to the sign-in page of the Azure Portal.

  4. Sign in to the Azure Portal with valid credentials. You are redirected to the Snap Edit account settings dialog. The Access and Refresh tokens are auto-populated but encrypted in the Account settings.

Troubleshooting

| Common Errors | Reason | Response |
| --- | --- | --- |
| Error 401 | Token is invalid | Provide a valid token and reauthorize the account. |
| The redirect URI specified does not match the reply URI configured for the application. | Incorrect Redirect URI. | Add either of the following redirect_uris: https://elastic.snaplogic.com/api/1/rest/admin/oauth2callback/sharepointonline or https://emea.snaplogic.com/api/1/rest/admin/oauth2callback/sharepointonline |
| URL error when invoking the operation | Ensure the tenant domain name is correct. | Ensure that Directory (tenant) name noted from the application is in the correct format. Example: 2060aafa-89d9-423d-9514-eac46338ec05 |
| Error 500 {"http_status_code": 500, "response_map": {"error_list": [{"message": "Request to token endpoint Sign in to your account failed for account \"/Tenantidshared/Azure Sharepoint Account\" of type \"SharePoint Online Account\""}]}} | Client secret has expired. | Generate new Client secret. |

Frequently Asked Questions

Yes, you can register a new application or use an existing application in the Azure portal to create an OAuth account. Refer to the configuration documentation key flow Create an Application in Azure Portal. For more information, refer to Register a client application in Microsoft Entra ID for the Azure Health Data Services.

In our configuration documentation, the key workflow Locate application credentials in the Azure Portal highlights the Application ID, Client ID, and Secret key values. For more information, refer to SharePoint Online Account.

For any support, contact the support team. The help icon in the Snap provides referential information with the selected Snap from the application.

The Scopes and Permissions Required for SharePoint Online specify Application permissions details. For any other permissions that are needed for the application, refer to Microsoft Graph permissions reference - Microsoft Graph.

You can use the SharePoint Online and Application account to connect SharePoint Online Snaps with data sources. For more details, refer to Configuring SharePoint Online Accounts.
