You can configure Access Control Service and Microsoft Entra ID authentication types to access Microsoft SharePoint Online. Consider using Microsoft Entra ID authentication to connect more securely to Microsoft SharePoint Online.
Before you configure the connection properties, you need to keep the authentication details handy based on the authentication type that you want to use.
Access Control Service
In Microsoft SharePoint Online, you can register applications in Access Control Service for app-only access, and the admin can restrict site access through the SharePoint admin center.
Generate the client ID and client secret
The client ID and client secret are required to generate a valid access token.
1. Log in to the Microsoft SharePoint Online account.
The value of the client ID is displayed in the Client Id field. The following image shows the App Information page where you can generate the values of the client ID and client secret:
4. Click Generate next to the Client Secret field.
The value of the client secret is displayed in the Client Secret field.
5. Enter an appropriate title for the app in the Title field.
6. Enter an app domain name in the App Domain field.
For example, www.google.com
7. Enter a URL in the Redirect URL field.
For example, https://localhost/. You must enter the same redirect URL in the connection property.
8. Click Create.
The page redirects to the Microsoft SharePoint Online page and the following message appears:
The app identifier has been successfully created.
The values of the client ID, client secret, title, and redirect URL are displayed.
Generate the bearer realm
A bearer realm is a unique ID provided for each user. Generate the bearer realm to obtain the authorization code.
1. Open the Google PostMan application.
2. Enter the following site or subsite URL in the Google PostMan application:
For example, https://icloudconnectivitydev.sharepoint.com/_layouts/15/oauthauthorize.aspx?client_id=ecea5b1b-80e4-4f3e-a269-48b85c1797a8&scope=AllSites.Manage&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2F
For example, //informaticaone.sharepoint.com/sites/TEST/_layouts/15/oauthauthorize.aspx?client_id=ecea5b1b-80e4-4f3e-a269-48b85c1797a8&scope=AllSites.Manage&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%2F
2. Click Trust it to grant the application read access to the current site after the page redirects to the redirect URL page that you specify in the connection property.
The redirect URL page includes the authorization code as a query string in the following format:
https://<redirect_url>/?code=<authcode>
The following image shows the authorization code in the URI:
Note: The authorization code generated is valid only for five minutes.
Generate the refresh token
1. Enter the following URL in the Google PostMan application: https://accounts.accesscontrol.windows.net/<bearer_realm>/tokens/OAuth/2
The following image shows the Normal tab in the Google PostMan application where you can configure the properties to generate the refresh token:
2. Select the POST method.
3. On the Header tab, enter Content-Type in the Key Name field and application/x-www-form-urlencoded in the Value field.
4. On the Body tab, enter the request in the following format:
grant_type=authorization_code&client_id=<client_id>@<bearer_realm>&client_secret=<client_secret>&code=<auth_code>&redirect_uri=<redirect_url>&resource=<audience principal ID>/<site_host>@<bearer_realm>
5. Click Send.
The refresh token is generated in the Response tab. The following image shows the Response tab where the refresh token is generated:
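The Access Control Service token request from the steps above, assembled in Python rather than typed by hand (an added example, not code from this page or from Microsoft). The function names are hypothetical, the audience principal ID and site host are values you supply, and the code extracts the authorization code and builds the POST but leaves sending it to your HTTP client.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

ACS_TOKEN_URL = "https://accounts.accesscontrol.windows.net/{realm}/tokens/OAuth/2"


def extract_auth_code(redirected_to, registered_redirect_url):
    """Return the code from https://<redirect_url>/?code=<authcode>."""
    got, want = urlsplit(redirected_to), urlsplit(registered_redirect_url)
    # Only accept a code delivered to the redirect URL registered for the app.
    if (got.scheme, got.netloc, got.path or "/") != (want.scheme, want.netloc, want.path or "/"):
        raise ValueError("redirect does not match the registered redirect URL")
    params = parse_qs(got.query)
    if "error" in params:  # OAuth 2.0 (RFC 6749) error redirect
        raise ValueError("authorization failed: " + params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(realm, client_id, client_secret, code,
                        redirect_url, audience_principal_id, site_host):
    """Return (url, headers, body) for the POST described in the steps above."""
    fields = {
        "grant_type": "authorization_code",
        "client_id": f"{client_id}@{realm}",
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_url,
        "resource": f"{audience_principal_id}/{site_host}@{realm}",
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    # urlencode percent-encodes each value, so '+', '/', '=' or '&' inside a
    # secret or code cannot split or corrupt the form body.
    return ACS_TOKEN_URL.format(realm=realm), headers, urlencode(fields)


def redact(body):
    """Copy of the form body that is safe to log: secret and code masked."""
    pairs = [p.split("=", 1) for p in body.split("&")]
    return "&".join(k + "=" + ("***" if k in ("client_secret", "code") else v)
                    for k, v in pairs)
```

Because the authorization code is valid only for five minutes, call build_token_request immediately after extract_auth_code, and log only the output of redact.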
Microsoft Entra ID
You can use Microsoft Entra ID to access SharePoint Online on your corporate intranet or cloud applications developed specifically for your organization.
Register the Azure application with Azure Active Directory
To establish a connection with Microsoft SharePoint Online from Data Integration, you need to provide the Microsoft SharePoint Online client ID and client secret in the connection properties.
You can get these credentials by registering your application in Azure Active Directory (AAD) through the Microsoft Identity platform.
1. Log in to portal.azure.com using your Microsoft SharePoint Online credentials.
2. Go to App Registrations in the Azure Services section.
3. Click New Registration.
4. Specify a display name for your application and supported account type, and then click Register.
5. Click Add a Certificate or Secret.
6. Click New client secret, and then add the description and the expiry time.
A client secret ID is generated. Ensure that you copy the secret ID and keep it handy to use when you configure a Microsoft SharePoint connection.
7. Now, click API permissions in the left pane.
8. Click Add a permission.
9. Click SharePoint, and then click Delegated permission on the Request API permissions page.
10. Select the permissions that the client application must have on behalf of the signed-in user.
You are advised to use AllSites.Manage to have read and write access.
11. Click Add Permissions.
Generate the authorization code
You can use the tenant ID to generate the authorization code.
1. Open the Google PostMan application.
2. Enter the following site or subsite URL in the Google PostMan application:
You can provide either the single tenant ID value obtained from the overview section of the registered application or organizations based on the configured application.
3. Select the GET method.
4. On the Params tab, enter the name and value.
Enter the following query parameters to authenticate and verify access permissions: client_id=<client_id>&response_type=code&redirect_uri=<redirect_URI>&scope=<sharepoint_url>&client_secret=<client_secret>
5. Click Send.
6. Copy the URL and paste it in the browser.
7. Enter the login credentials.
8. Verify and click Accept.
The redirect URL page includes the authorization code as a query string in the following format:
https://<redirect_url>/?code=<authcode>
Generate refresh token
1. Enter the following URL in the Google PostMan application: https://login.microsoftonline.com/<Single_Tenant_Id_value>/oauth2/v2.0/token
2. Select the POST method.
3. On the Header tab, enter Content-Type in the Key Name field and application/x-www-form-urlencoded in the Value field.
4. On the Body tab, enter the request in the following format: