Authenticating with SharePoint Online

This article explains how WikiTraccs authenticates with SharePoint Online.

The following authentication methods are currently supported by WikiTraccs:

  • interactive authentication (supports MFA)
  • device-code authentication (supports MFA)
  • client credentials authentication (no MFA support)

Each of these authentication methods requires an application registered in Entra ID. WikiTraccs has to know the ID (“client ID”) of this application.

Prerequisites

When “authenticating with SharePoint Online”, you are in fact authenticating with an Entra ID application that must be configured to authorize access to SharePoint Online. Such an Entra ID application either has to exist already, or you have to register a new one.

You might have to register a new Entra ID application for use with WikiTraccs. This can be done manually in the Azure Portal or via PnP PowerShell. A sample on how to do this via PnP PowerShell is shown here: Register your own Entra ID App.

The following permissions must be configured for the Entra ID application:

  • delegated permissions in Microsoft Graph: Sites.FullControl.All (note: requires admin consent)
  • delegated permissions in SharePoint: AllSites.FullControl (note: requires admin consent)

What if FullControl cannot be granted? There is a plan B, but with fewer features.

The following permissions will allow migrations as well:

  • delegated permissions in Microsoft Graph: Sites.Manage.All (note: no admin consent required)
  • delegated permissions in SharePoint: AllSites.Manage (note: no admin consent required)

Without full control permissions WikiTraccs will be limited in what it can migrate:

  • page permissions cannot be configured, as WikiTraccs won’t be allowed to do so
  • out-of-the-box SharePoint page and file metadata Created By, Created (Date), Modified By, Modified (Date) cannot be set, as this requires the same permissions as configuring permissions

Ultimately, regardless of the Entra ID application you choose to use, WikiTraccs needs to know the ID of this application, and the application has to permit a certain amount of access to the target sites that WikiTraccs will migrate Confluence content to.
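To check which of the two permission sets above an access token actually carries, you can inspect its `scp` claim. The following is an added example, not WikiTraccs code; the function names and the sample tokens are constructed for illustration, and the token is only decoded, not signature-verified.

```python
import base64
import json

# Delegated scopes named on this page, per API.
FULL = {"graph": "Sites.FullControl.All", "sharepoint": "AllSites.FullControl"}
MANAGE = {"graph": "Sites.Manage.All", "sharepoint": "AllSites.Manage"}
# What the page says is lost without full control.
LIMITS = ["page permissions cannot be configured",
          "Created By / Created / Modified By / Modified cannot be set"]


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(scp):
    """Constructed, unsigned sample token; real tokens come from Entra ID."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"scp": scp}).encode())
    return f"{header}.{payload}.sig"


def token_scopes(jwt):
    """Return the delegated scopes (scp claim). Inspection only: no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())  # app-only tokens carry no scp


def migration_tier(api, scopes):
    """Map granted scopes to (tier, limitations) as described on this page."""
    if FULL[api] in scopes:
        return "full", []
    if MANAGE[api] in scopes:
        return "limited", LIMITS
    return "insufficient", ["neither permission set from this page is granted"]


if __name__ == "__main__":
    for api, scp in [("graph", "Sites.FullControl.All User.Read"),
                     ("sharepoint", "AllSites.Manage")]:
        tier, limits = migration_tier(api, token_scopes(make_sample_token(scp)))
        print(api, tier, limits)
```

A result of `limited` means the migration will run, but with the two restrictions listed above.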

Interactive authentication

Interactive authentication lets you sign in with a user account that will be used to access SharePoint Online. Use a user account that has Owner permissions on the target SharePoint site.

With interactive authentication, multi-factor authentication (MFA) is fully supported.

Choose Interactive as Target: Authentication type.

Enter the Entra ID application ID into the Azure AD Application Client ID input field. (Note: This ID looks like “31359c7f-bd7e-475c-86db-fdb8c937548e”.) The user must be granted access to the Entra ID application that is used for authentication.

Also fill in the Target SharePoint Site Address and Target Tenant ID fields.

Select Test SharePoint connection to test the connection. A dialog window will appear and display the result of this test.

Device code authentication

Available.

Client credentials authentication

Available, but often not feasible due to MFA or Conditional Access (CA) requirements.

Last modified September 10, 2024