How to do ACS setup for SharePoint app only authentication for SharePoint server (On-Premise)?

Yichen Name 66 Reputation points
2023-01-27T14:29:45.48+00:00

Hi Team,

I wanted to implement app only authentication for SharePoint server. Do you have any document mentioning all the steps for the same?


2 answers

  1. Yichen Name 66 Reputation points
    2023-02-13T09:09:13.8633333+00:00

    This process works for Online but does not work for on-prem versions.

    1 person found this answer helpful.

  2. Yanli Jiang - MSFT 24,356 Reputation points Microsoft Vendor
    2023-01-30T09:20:01.1133333+00:00

    Hi @Yichen Name ,

    SharePoint App-Only is the older, but still very relevant, model of setting up app principals. This model works for both SharePoint Online and SharePoint 2013/2016/2019 on-premises and is ideal to prepare your applications for migration from SharePoint on-premises to SharePoint Online. The steps below show how to set up an app principal with tenant full control permissions, but obviously you could also grant just read permissions using this approach.

    Navigate to a site in your tenant (e.g. https://contoso.sharepoint.com) and then call the appregnew.aspx page (e.g. https://contoso.sharepoint.com/_layouts/15/appregnew.aspx). On this page click the Generate button to generate a client id and client secret, and fill in the remaining information as shown in the screenshot below.

    (screenshot of the appregnew.aspx registration form; image not preserved)

    The next step is granting permissions to the newly created principal. Since we're granting tenant-scoped permissions, this can only be done via the appinv.aspx page on the tenant administration site. You can reach this site via https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx. Once the page is loaded, add your client id and look up the created principal:

    (screenshot of the appinv.aspx lookup page; image not preserved)

    To grant permissions, you'll need to provide the permission XML that describes the needed permissions. Since this application needs to be able to access all sites and also uses search with app-only, it needs the permissions below:

    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
    </AppPermissionRequests>
    

    When you click on Create you'll be presented with a permission consent dialog. Press Trust It to grant the permissions.

    If you want to utilize the generated app-only registration with PnP PowerShell, you can do so by connecting to your SharePoint On-Premises or Online environment using:

    Connect-PnPOnline -Url https://contoso.sharepoint.com/sites/demo -ClientId [Your Client ID] -ClientSecret "[Your Client Secret]"

    For more information, please refer to:

    https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly

    https://www.wictorwilen.se/blog/sharepoint-2013-using-the-app-only-policy-and-app-principals-instead-of-username-and-password-combos/

    https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/plan-for-app-authentication-in-sharepoint-server

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


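As an added example (not part of the answer above and not PnP's own sample), the same app-only setup narrowed to one site collection with read-only rights, plus a PnP PowerShell connection that takes the client secret from an environment variable instead of pasting it on the command line where it lands in shell history. The site URL, client id and variable name are placeholders; the Scope and Right values are standard SharePoint add-in permission values.

```powershell
# Added example: least-privilege variant of the app-only permission request.
# Paste this XML into appinv.aspx instead of the tenant-wide FullControl request.
# The search entry is only required when the app runs search queries app-only.
$permissionXml = @"
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Read" />
  <AppPermissionRequest Scope="http://sharepoint/search" Right="QueryAsUserIgnoreAppPrincipal" />
</AppPermissionRequests>
"@
Write-Host "Permission XML to paste into appinv.aspx:`n$permissionXml"

# Placeholders: replace with the site and the client id generated on appregnew.aspx.
$siteUrl  = "https://contoso.sharepoint.com/sites/demo"
$clientId = "00000000-0000-0000-0000-000000000000"

# Read the secret from the environment (variable name is a placeholder) so it is
# never stored in the script or typed into an interactive session.
$secret = $env:SP_APP_ONLY_SECRET
if ([string]::IsNullOrEmpty($secret)) {
    throw "Environment variable SP_APP_ONLY_SECRET is not set."
}

Connect-PnPOnline -Url $siteUrl -ClientId $clientId -ClientSecret $secret

# Verify the app-only principal can read the site it was scoped to.
$web = Get-PnPWeb
Write-Host "Connected app-only to '$($web.Title)' ($($web.Url))"
Get-PnPList | Select-Object Title, ItemCount

Disconnect-PnPOnline
```

With Read rights, any write cmdlet run on this connection fails with an access-denied error, which is a quick way to confirm the principal was not granted more than requested.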