    Create SharePoint Online Authentication and DMS Credentials

    This section describes how to create SharePoint Online authentication and DMS Credentials.

    To create a new app in SharePoint

    The app can be created anywhere on the SharePoint host (most likely on the tenant).

    1. Go to https://[mytenant].sharepoint.com/sites/[mysubsite]/_layouts/15/appregnew.aspx

    App Information

    1. Select the Generate buttons for the Client Id and Client Secret fields and record both values; you need them for the credential configuration in Microsoft Dynamics 365 Business Central. The App Domain and Redirect URI values are not relevant for COSMO Document Management System.

    To grant app permissions in SharePoint

    For new SharePoint Online subscriptions, the Grant App Permission feature is disabled by default, or the link https://[xxxx]-admin.sharepoint.com/_layouts/15/appinv.aspx is disabled.

    To enable this feature, you need to connect to SharePoint Online using Windows PowerShell. To grant the permission, use the DMS_SharepointOnline_EnableAppAuthentication_PromptedLogin script.

    DMS Grant Permission Script

    Additional information

    • Using PowerShell to manage SharePoint Online

    • Overview of added properties, classes, and methods to the released SharePoint-Client Object Model

    To add permissions for app in SharePoint

    The app needs permissions to perform actions in SharePoint. All actions from COSMO Document Management System (read, write, create, etc.) are executed in the app credential context.

    1. Go to https://[mytenant].sharepoint.com/sites/[mysubsite]/_layouts/15/appinv.aspx

    App Id and Title

    1. Enter the App Id (Client Id) from the first step and then select Lookup.
    2. In the App's Permissions Request XML, enter a valid XML based on SharePoint Add-In Permissions, see https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint
    3. Select the Create button.
    4. Then select the Trust It button in the next dialog.

    App Trust

    Example permissions for reading, writing, and deleting items in all lists/libraries in the site collection:

    <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Write"/>
    </AppPermissionRequests>
    

    To execute the library set construction plan, the Full Control permission level is required to create webs and lists.

    <AppPermissionRequests AllowAppOnlyPolicy="true">
        <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/>
    </AppPermissionRequests>
    

    Additional information for AppPermissionRequests

    • http://sharepoint/content/sitecollection gives permissions to all webs and subsites inside the site collection, no matter on which web the appinv.aspx permissions were granted.

    • http://sharepoint/content/sitecollection/web does not inherit permissions to subsites. Permissions must be granted on all subsites (for example, https://[mytenant].sharepoint.com/sites/[mysubsite]/[mysubsubsite]/_layouts/15/appinv.aspx).

    • http://sharepoint/content/sitecollection/web/list does not inherit permissions to subsites. It gives permission to one specified list after the appinv.aspx permission request. It is possible to add list templates as a property.
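    The following PowerShell function is an added example, not part of the COSMO scripts. It reviews a permission request XML against the scope and right descriptions above before the XML is pasted into appinv.aspx; the function name Test-AppPermissionRequest is hypothetical.

```powershell
# Added example (not COSMO's script): review a permission request before trusting it.
function Test-AppPermissionRequest {
    param([Parameter(Mandatory)][string]$PermissionXml)

    # Reach of each scope, as described in the list above.
    $reach = @{
        'http://sharepoint/content/sitecollection'          = 'all webs and subsites of the site collection'
        'http://sharepoint/content/sitecollection/web'      = 'this web only; subsites need their own grant'
        'http://sharepoint/content/sitecollection/web/list' = 'one specified list'
    }

    $root = ([xml]$PermissionXml).DocumentElement   # the cast throws on malformed XML
    if ($root.LocalName -ne 'AppPermissionRequests') {
        throw "Unexpected root element '$($root.LocalName)'"
    }
    $appOnly = $root.GetAttribute('AllowAppOnlyPolicy') -eq 'true'

    foreach ($req in $root.GetElementsByTagName('AppPermissionRequest')) {
        $scope = $req.GetAttribute('Scope')
        $right = $req.GetAttribute('Right')
        $notes = @()
        if (-not $reach.ContainsKey($scope)) { $notes += 'scope is not one of the three described here' }
        if ($right -eq 'FullControl') {
            $notes += 'FullControl is needed for the library set construction plan; Write covers reading, writing and deleting items'
        }
        if (-not $appOnly) { $notes += 'AllowAppOnlyPolicy is not "true", unlike the examples on this page' }
        [pscustomobject]@{
            Scope = $scope
            Right = $right
            Reach = $reach[$scope]
            Notes = $notes -join '; '
        }
    }
}

# The FullControl request from this page, checked before it is pasted into appinv.aspx.
$request = @'
<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/>
</AppPermissionRequests>
'@
Test-AppPermissionRequest -PermissionXml $request | Format-List
```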

    To validate app principal on web

    The app is now permitted on the specified sites.

    1. To verify this, go to https://[mytenant].sharepoint.com/sites/[mysubsite]/_layouts/15/appprincipals.aspx and find your app listed.
    2. Note the realm GUID shown in the App Identifier field; it is needed for the credentials in COSMO Document Management System. The realm GUID is the value after the @ character. In this example, it's 94d30528-464f-45a5-a95e-816428f57b90.

    App Display Name

    Pay attention to the scope in the URL, for example https://[mytenant].sharepoint.com/sites/[mysubsite]/_layouts/15/appprincipals.aspx?Scope=Web. Apps with web-specific permissions (like http://sharepoint/content/sitecollection/web or http://sharepoint/content/sitecollection/web/list) are listed in web scope. Apps with site collection permissions are listed without scope.

    To add app credentials in Microsoft Dynamics 365 Business Central

    To complete the app credentials in COSMO Document Management System, choose the Lightbulb that opens the Tell Me feature icon, enter DMS Credentials, and then choose the related link.

    DMS Credentials

    Additionally, the credentials set here are used for Construction Plan queries, which allows the construction plan to run for SharePoint Online.

    The fields to be completed on the DMS Credentials page are described in the following list.

    • Code: Defines a unique identifier for the credential; maximum of 20 characters.

    • Type: Defines the type of authentication. SharePoint App is a registered app inside SharePoint.

    • Realm (Directory (tenant) ID): Specifies the realm (tenant GUID) of the organization’s Microsoft Entra ID (formerly Azure AD), see Validate App Principal on Web.

    • Target Host: Defines the tenant’s SharePoint URL, for example mytenant.sharepoint.com.

    • App Client ID: Defines the client ID of the registered SharePoint app, see Create a New App in SharePoint.

    • App Client Secret: Specifies the client secret of the registered SharePoint app, see Create a New App in SharePoint.
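    The following PowerShell function is an added example, not part of COSMO Document Management System. It checks the values collected in the previous steps before they are entered on the DMS Credentials page. The function name Test-DmsCredential is hypothetical, the client ID in the sample call is a constructed placeholder, and the check assumes that the part of the App Identifier before the @ character ends with the client ID.

```powershell
# Added example: pre-check the values for the DMS Credentials page.
function Test-DmsCredential {
    param(
        [Parameter(Mandatory)][string]$Code,
        [Parameter(Mandatory)][string]$AppIdentifier,   # as shown on appprincipals.aspx
        [Parameter(Mandatory)][string]$TargetHost,
        [Parameter(Mandatory)][string]$AppClientId
    )
    $problems = @()
    if ($Code.Length -gt 20) { $problems += 'Code exceeds 20 characters' }

    # The realm is the value after the @ character of the App Identifier.
    $at = $AppIdentifier.LastIndexOf('@')
    $realm = if ($at -ge 0) { $AppIdentifier.Substring($at + 1).Trim() } else { '' }
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($realm, [ref]$parsed)) { $problems += 'Realm is not a GUID' }

    # Assumption: the part before @ ends with the client ID of the registered app.
    if ($at -lt 0 -or -not $AppIdentifier.Substring(0, $at).EndsWith(
            $AppClientId, [StringComparison]::OrdinalIgnoreCase)) {
        $problems += 'App Client ID does not match the App Identifier'
    }

    # Target Host is a bare host name such as mytenant.sharepoint.com, not a URL.
    if ($TargetHost -match '[/:\s]') { $problems += 'Target Host must be a host name without scheme or path' }

    [pscustomobject]@{ Realm = $realm; Problems = $problems }
}

# Constructed sample input: placeholder client ID, realm GUID from the example on this page.
$check = Test-DmsCredential -Code 'SPO-APP' `
    -AppIdentifier 'i:0i.t|ms.sp.ext|00000000-0000-0000-0000-000000000000@94d30528-464f-45a5-a95e-816428f57b90' `
    -TargetHost 'https://mytenant.sharepoint.com' `
    -AppClientId '00000000-0000-0000-0000-000000000000'
$check.Realm      # the value for the Realm field
$check.Problems   # reports the Target Host entered as a URL
```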

