📄️ Register Service Principal for App Service Authentication
To manage SharePoint, the EmpowerID SharePoint Online (SPO) microservice requires a service principal application be registered in the SharePoint tenant to provide Azure AD authentication to the app service that hosts the SPO microservice.
📄️ Register Service Principal with SharePoint API Permissions
To manage SharePoint, the EmpowerID SharePoint Online microservice requires a service principal application be registered in the SharePoint tenant with permissions to call the appropriate Graph and SharePoint API endpoints. The exact permissions needed are listed in the table below.
📄️ Create an App Service for the SharePoint Online Microservice
As part of the deployment process for the SharePoint Online microservice, an app service needs to be created to host the microservice and configured for authentication to access the key vault as needed.
📄️ Create a key vault
The SharePoint Online microservice requires a key vault with a certificate for certificate-based authentication between the microservice and the service principal registered for it. Additionally, the key vault needs to be configured with an access policy that grants key, secret, and certificate permissions to assigned applications. These permissions will be granted to the SharePoint Online app service hosting the microservice.
📄️ Provision a Cosmos DB Account for SharePoint Online
The SharePoint Online microservice uses Cosmos DB for SQL configured with information specific to your tenant. This article takes you through the provisioning and configuration steps.
📄️ Create a Function app to Update User Profiles
As part of the deployment process for the SPO microservice, you need to create a Function app in Azure that EmpowerID uses to update SharePoint user profiles. However, before creating the app, you need to create a secret in the key vault you created earlier and add that information when setting up the Function app. After you create the secret, you then create the Function app with the appropriate settings, and grant the function app access to the secret in the key vault via an access policy.
📄️ Add Application Settings to the App Service
To access the Cosmos DB, the SharePoint Online app service needs to be configured with the application settings outlined in this article. Once you have completed this, you download the publish profile file. This file is used when publishing the SharePoint Online microservice to Azure.
📄️ Add Secret to Key Vault in EmpowerID Tenant
In order for EmpowerID to authenticate to your SharePoint tenant, you need to add to the key vault of the EmpowerID tenant the secret created when you registered the service principal used to authenticate the SharePoint app service. This applies only to SaaS environments.
📄️ Publish the SharePoint Online Microservice to Azure
After configuring Azure to host the SharePoint Online microservice, you need to publish the microservice to the app service from EmpowerID.