Create SharePoint Online Authentication and DMS Credentials
This section describes how to create SharePoint Online authentication and DMS Credentials.
To create a new app in SharePoint
The app can be created anywhere on the SharePoint host (most likely on the tenant).
- Go to
- Select the Generate buttons for the Client Id and Client Secret fields and note the values; they are needed for the Microsoft Dynamics 365 Business Central credential configuration. The App Domain and Redirect URI values are not relevant for COSMO Document Management System.
To grant app permissions in SharePoint
For new SharePoint Online subscriptions, the Grant App Permission feature is disabled by default, or the link https://[xxxx]-admin.sharepoint.com/_layouts/15/appinv.aspx is disabled.
To enable this feature, you need to connect to SharePoint Online using Windows PowerShell. To grant the permission, use the DMS-GrantSPOAppPermission script.
To add permissions for app in SharePoint
The app needs permissions to perform actions in SharePoint. All actions from COSMO Document Management System (read, write, create, etc.) are executed in the context of the app credentials.
- Go to
- Enter the App Id (Client Id) from the first step and then select Lookup.
- In the App's Permissions Request XML, enter valid XML based on SharePoint Add-In Permissions; see https://docs.microsoft.com/en-us/sharepoint/dev/sp-add-ins/add-in-permissions-in-sharepoint
- Select the Create button.
- Then select the Trust It button in the next dialog.
Example permissions for reading, writing, and deleting items in all lists/libraries on the sitecollection:
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Write"/> </AppPermissionRequests>
To execute the library set construction plan, the Full Control permission level is required to create webs and lists.
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl"/> </AppPermissionRequests>
Additional information for AppPermissionRequests
http://sharepoint/content/sitecollection gives permissions to all webs and subsites inside the sitecollection, no matter on which web the appinv.aspx permissions were granted.
http://sharepoint/content/sitecollection/web does not inherit permissions to subsites. Permissions must be granted on all subsites (for example,
http://sharepoint/content/sitecollection/web/list does not inherit permissions to subsites. It gives permission to one specified list after the appinv.aspx permission request. It is possible to add list templates as a property.
To validate app principal on web
The app is now permitted on the specified sites.
- To verify this, go to
https://[mytenant].sharepoint.com/sites/[mysubsite]/_layouts/15/appprincipals.aspx and find your app listed.
- Note the realm GUID, which is shown in the App Identifier field; it is needed for the credentials in COSMO Document Management System. The realm GUID is the value after the
@ character. In this example, it's 94d30528-464f-45a5-a95e-816428f57b90.
Pay attention to the scope in the URL, for example
https://[mytenant].sharepoint.com/sites/[mysubsite]/_layouts/15/appprincipals.aspx?Scope=Web. Apps with web-specific permissions (like http://sharepoint/content/sitecollection/web or http://sharepoint/content/sitecollection/web/list) are listed in web scope. Apps with sitecollection permissions are listed without scope.
To add app credentials in Microsoft Dynamics 365 Business Central
To complete the app credentials in COSMO Document Management System, choose the icon, enter DMS Credentials, and then choose the related link.
Additionally, the credentials set here are used for Construction Plan queries, which allows the construction plan to run for SharePoint Online.
The fields to be completed on the DMS Credentials page are described in the following list.
Code: Defines a unique identifier for the credential; maximum of 20 characters.
Type: Defines the type of authentication. SharePoint App is a registered app inside SharePoint.
Realm (Azure Tenant ID): Specifies the realm (tenant GUID) of the organization’s Azure AD, see Validate App Principal on Web.
Target Host: Defines the tenant’s SharePoint URL, for example
App Client ID: Defines the client ID of the registered SharePoint app, see Create a New App in SharePoint.
App Client Secret: Specifies the client secret of the registered SharePoint app, see Create a New App in SharePoint.