To authenticate a SharePoint Online host on MOVEit Automation using Certificate Access, you must define applications in Azure Active Directory (Azure AD). These applications must be granted the necessary permissions to access SharePoint.

Note: The following example demonstrates how to set up Azure AD. The access requirements and permission levels required by your organization may be different. For information about granting access, see Granting access via Azure AD App-Only.

Prerequisites

  • Office 365 Subscription with SharePoint Online.
    • You must have an active Office 365 subscription that includes SharePoint Online.
  • Azure Portal Admin Account.
    • You must have an Azure Portal Admin account to access and manage Azure AD settings.
  • Self-signed certificate. You can create a certificate using one of the following methods:
    • OpenSSL: Use the openssl command-line tool to generate a self-signed certificate.
    • PowerShell Script: Use the PowerShell script detailed in the Microsoft documentation.
    • MOVEit Automation: Use MOVEit Automation to create a self-signed certificate.

Azure Active Directory setup

  1. Open the Microsoft Azure Portal. If this is the first time you access the Azure portal with your account, you must register a new Azure subscription.
  2. Click Azure Active Directory > App registration, where you will find the list of Azure AD applications registered in your tenant.
  3. Click New registration, provide a name for your application and click Register.
  4. To add API permissions, click API permissions > Add a permission, and choose the permissions you want to grant to this application:
    • SharePoint
      • Application permissions
        • Sites
          • Sites.FullControl.All

    To save the permissions, click Add permissions.

  5. In the Grant Consent section, click the Grant admin consent for {{organization name}} button and confirm the action by clicking the Yes button that appears at the top.
  6. To connect the certificate created in the prerequisites, click Certificates & secrets > Upload certificate. Select the .cer file you generated earlier and click Add to upload it.
  7. To confirm that the certificate was successfully registered, click Manifest in the left menu and search for the keyCredentials property. It should be similar to this JSON example:
      "keyCredentials": [
        {
          "customKeyIdentifier": "<$base64CertHash>",
          "endDate": "2021-05-01T00:00:00Z",
          "keyId": "<$guid>",
          "startDate": "2019-05-01T00:00:00Z",
          "type": "AsymmetricX509Cert",
          "usage": "Verify",
          "value": "<$base64Cert>",
          "displayName": "CN=<$name of your cert>"
        }
      ],
  8. To locate the Client (Application) ID and the Tenant (Directory) ID, navigate to Azure portal > Azure Active Directory > App registration > Overview.
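
The manifest check in step 7 can be scripted. The following is an added example, not part of the MOVEit or Microsoft documentation: it compares the keyCredentials entries of a manifest with the local certificate and reports entries that are unknown or outside their validity window. It assumes customKeyIdentifier holds the certificate's SHA-1 hash, in base64 as the placeholder name suggests or as hex; the function names and sample data are constructed for illustration.

```python
import base64
import hashlib
from datetime import datetime, timezone

def cert_hash_forms(der: bytes) -> set:
    # SHA-1 over the DER bytes is the certificate hash (thumbprint).
    # Assumption: the manifest stores it as base64 or as hex.
    digest = hashlib.sha1(der).digest()
    return {base64.b64encode(digest).decode(), digest.hex().upper()}

def _utc(stamp: str) -> datetime:
    # Timestamp layout taken from the manifest sample: 2021-05-01T00:00:00Z
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_key_credentials(manifest: dict, der: bytes, now: datetime) -> list:
    """Return a list of findings; an empty list means the upload checks out."""
    wanted = cert_hash_forms(der)
    findings, matched = [], False
    for cred in manifest.get("keyCredentials", []):
        cid = cred.get("customKeyIdentifier", "")
        label = cred.get("keyId", "<no keyId>")
        if cid not in wanted and cid.upper() not in wanted:
            # Every entry here can sign in as the app, so list the unknown ones.
            findings.append(f"{label}: credential does not match the local certificate")
            continue
        matched = True
        if cred.get("type") != "AsymmetricX509Cert" or cred.get("usage") != "Verify":
            findings.append(f"{label}: unexpected type/usage")
        if not _utc(cred["startDate"]) <= now < _utc(cred["endDate"]):
            findings.append(f"{label}: outside its validity window")
    if not matched:
        findings.append("local certificate is not registered on the application")
    return findings

# Constructed sample data: placeholder bytes stand in for the DER content of the .cer file.
SAMPLE_DER = b"constructed placeholder for DER certificate bytes"
SAMPLE_MANIFEST = {"keyCredentials": [{
    "customKeyIdentifier": base64.b64encode(hashlib.sha1(SAMPLE_DER).digest()).decode(),
    "endDate": "2021-05-01T00:00:00Z",
    "keyId": "00000000-0000-0000-0000-000000000001",  # constructed
    "startDate": "2019-05-01T00:00:00Z",
    "type": "AsymmetricX509Cert",
    "usage": "Verify",
}]}

if __name__ == "__main__":
    for when in (datetime(2020, 1, 1, tzinfo=timezone.utc), datetime(2022, 1, 1, tzinfo=timezone.utc)):
        print(when.date(), check_key_credentials(SAMPLE_MANIFEST, SAMPLE_DER, when) or "OK")
```

If the .cer file is PEM (base64) encoded rather than DER, convert its text with ssl.PEM_cert_to_DER_cert from the Python standard library before passing it in.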