Register Service Principal with SharePoint API Permissions
To manage SharePoint, the EmpowerID SharePoint Online microservice requires that a service principal application be registered in the SharePoint tenant with permissions to call the appropriate Graph and SharePoint API endpoints. The exact permissions needed are listed in the table below.
| API / Permissions Name | Description |
|---|---|
| Microsoft Graph | |
| Sites.FullControl.All | Have full control of all site collections |
| User.Read | Sign in and read user profile |
| User.ReadWrite.All | Read and write all users' full profiles |
| SharePoint | |
| Sites.FullControl.All | Have full control of all site collections |
| User.Read.All | Read user profiles |
| User.ReadWrite.All | Read and write user profiles |
Register the service principal and grant API permissions to it
- Register the service principal in Azure AD.
- After the service principal is registered, navigate to API permissions for the application.
- Add the application permissions specified in the table above.
When completed, your application permissions should look like those shown in the image below.

- Grant admin consent for the application.
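Once consent is granted, the result can be checked from the tokens the service principal actually receives. The following is an added example, not EmpowerID code: it reads the `roles` claim (application permissions) and the `scp` claim (delegated permissions) from access tokens and compares them with the table above, reporting anything missing or granted beyond it. The function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Required permissions per API, copied from the table on this page.
REQUIRED = {
    "Microsoft Graph": {"Sites.FullControl.All", "User.Read", "User.ReadWrite.All"},
    "SharePoint": {"Sites.FullControl.All", "User.Read.All", "User.ReadWrite.All"},
}

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying it; only for tokens you requested yourself."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def granted_permissions(claims):
    """'roles' is a list of application permissions; 'scp' is a space-separated string."""
    return set(claims.get("roles") or []) | set((claims.get("scp") or "").split())

def audit(api, tokens):
    """Compare permissions found in the tokens with the table's list for one API."""
    granted = set()
    for token in tokens:
        granted |= granted_permissions(jwt_claims(token))
    required = REQUIRED[api]
    return {"missing": sorted(required - granted), "excess": sorted(granted - required)}

def constructed_token(claims):
    """Build an unsigned sample token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample tokens (not real): one permission missing, one extra grant.
GRAPH_APP = constructed_token({"roles": ["Sites.FullControl.All", "Mail.Read"]})
GRAPH_USER = constructed_token({"scp": "User.Read"})
SHAREPOINT_APP = constructed_token(
    {"roles": ["Sites.FullControl.All", "User.Read.All", "User.ReadWrite.All"]})

if __name__ == "__main__":
    print(audit("Microsoft Graph", [GRAPH_APP, GRAPH_USER]))
    print(audit("SharePoint", [SHAREPOINT_APP]))
```

An empty `missing` list confirms the grants from the procedure took effect; a non-empty `excess` list shows permissions beyond the table that should be reviewed and removed if unneeded.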