Legacy SharePoint Authentication Methods
- Last Updated: July 8, 2026
- 3 minute read
- MOVEit Automation
- Version 2026
- Documentation
This topic describes the legacy SharePoint authentication methods available in MOVEit Automation. These methods are retained for compatibility with existing environments but are not recommended for new implementations.
The methods described in this topic are intended for maintaining existing integrations that rely on SAML-based claims authentication or the legacy SharePoint App-Only authentication model.
User Access
SharePoint Server uses SAML 1.1 and WS-Federation for token-based authentication. This setup needs coordination with administrators either within your organization or with a partner. If you use Active Directory Federation Services (AD FS) 2.0, you’re in a SAML token-based environment.
The SAML token-based authentication includes an identity provider security token service (IP-STS) which issues SAML tokens for users. These tokens have information about the user, like their name and groups. An AD FS 2.0 server is an example of an IP-STS.
SharePoint Server uses these tokens to allow users access. An application that accepts SAML tokens is called a relying party STS (RP-STS). This application receives the SAML token and uses the claims to decide if the user can access the requested resource. In SharePoint Server, each web application using a SAML provider is added to the IP-STS server as a separate RP-STS entry. A SharePoint farm can have multiple RP-STS entries in the IP-STS.
- Request a web page (anonymous)
- Obtain a logon page from the AD FS server.
- Request a SAML security token.
- Validate user credentials with the identity provider.
- Send a SAML security token.
- Send a new web page request containing the SAML security token.
- Create Sharepoint security token and send the requested web page.

- Username: Username or email address of a SharePoint instance user.
- Password: Password of a SharePoint instance user.
App Access
To authenticate a SharePoint host on MOVEit Automation using the App Access, you must create a SharePoint App with appropriate permissions on Office 365 for use with MOVEit Automation.
Prerequisite
You must have a SharePoint instance in Microsoft Office 365 and access to the log on credentials.
- Log on to SharePoint, and navigate to
https://tenant-name.sharepoint.com/sites/site-name/_layouts/15/appregnew.aspxWhere tenant-name is the unique name that identifies your SharePoint instance
Sites are created under
/sitesin this examplesite-name is the name of the site on your SharePoint instance.
- Generate a new Client Id and Client Secret.
- Enter the Title, App Domain, and Redirect URL
information.
- The Redirect URL can be left blank or include a dummy value. However, if the app is used for purposes other than MOVEit Automation workflows, the Redirect URL should point to a domain page owned by the user.
- Save the Client Id and Client Secret details. These are required to authenticate the SharePoint host.
- To save the App, click Create .
- Navigate to
https://tenant-name-admin.sharepoint.com/sites/site-name/_layouts/15/appinv.aspx - Enter the App's Client ID and click Lookup.
- Confirm the Title, App Domain, and Redirect URL information.
- To grant permissions, insert the permission XML that
describes the needed permissions in the App's Permission
Request XML field. For example, for full
control:
<AppPermissionRequests AllowAppOnlyPolicy="true"> <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" /> </AppPermissionRequests> - To save your changes, click Create. You will be presented with a permission consent dialog. Click Trust It to grant the permissions.
- To set up the SharePoint Host, the Realm ID is required. To
generate the Realm ID, select from one of the following options
- Navigate to
https://tenant-name.sharepoint.com/sites/site-name/_layouts/15/AppPrincipals.aspx.The Realm ID is the string following the @ symbol. For example, the Realm ID is highlighted in this string:
i:0i.t|ms.sp.ext|bb2d5eb0-43b0-437b-9a7d-c02a2b7714a5@db266a67-cbe0-4d26-ae1a-d0581fe03535
- Navigate to