MOVEit Automation supports multiple authentication options to connect to SharePoint Online.

Certificate Access uses Microsoft Entra ID certificate-based authentication. It is the recommended and fully supported method for new SharePoint Online integrations.

User Access uses SAML-based claims authentication and is retained for compatibility with existing environments that use SharePoint Server and federated identity providers such as AD FS. This method is considered retired and is not recommended for new implementations.

App Access uses the legacy SharePoint App-Only authentication model. This method is retained for compatibility with existing configurations but is considered legacy and should be replaced with Certificate Access where possible.

The following section describes the Certificate Access authentication method. The User Access and App Access methods are described in the Legacy SharePoint Authentication Methods topic.

Certificate Access

SharePoint authentication is available as Microsoft Entra ID authentication through the Certificate Access option.

Microsoft Entra ID is a service from Microsoft that helps manage user identities and access. When you connect it with SharePoint, it makes logging on easy and secure. Users can sign in to SharePoint Online using their Microsoft 365 or organizational credentials.

Microsoft Entra ID makes it simple to control who can access SharePoint, provides single sign-on (SSO), and includes extra security features like multi-factor authentication (MFA) and conditional access.

Using Microsoft Entra ID for authentication, users can access SharePoint resources in the cloud without needing separate logons. It manages identity and access rules, while SharePoint Online works with Microsoft Entra ID to ensure secure access to files and sites.

Prerequisite

  • Azure Portal Admin Account.
    • You must have an Azure Portal Admin account to access and manage Microsoft Entra ID settings.
  • Self-signed certificate. You can create a certificate using one of the following methods:
    • OpenSSL: Use the openssl command-line tool to generate a self-signed certificate.
    • PowerShell Script: Use the PowerShell script detailed in the Microsoft documentation.
    • MOVEit Automation: Use MOVEit Automation to create a self-signed certificate.
    Note:

    The minimum required key size for compatibility with MOVEit Automation is RSA 2048 bits.

    For Microsoft Entra ID authentication, RSA 2048 bits is the recommended minimum key size for certificates. Larger key sizes can be used for enhanced security. Smaller key sizes are not supported by Microsoft Entra ID.

Microsoft Entra ID set up
  1. Open the Microsoft Azure Portal. If it is the first time that you access the Azure portal with your account, you will have to register a new Azure subscription.
  2. Click Microsoft Entra ID > App registration, where you will find the list of Microsoft Entra ID applications registered in your tenant.
  3. Click New registration, provide a name for your application and click Register.
  4. To add API permissions, click API permissions > Add a permission, and choose the permissions you want to grant to this application.For example SharePoint > Application permissions > Sites > Sites.FullControl.All

    To save the permissions, click Add permissions.

  5. In the Grant Consent section, click the Grant admin consent for organization name button and confirm the action by clicking the Yes button that appears at the top.
  6. To connect the certificate created in the prerequisites, click Certificates & secrets > Upload certificate. Select the .cer file you generated earlier and click add to upload it.
  7. To confirm that the certificate was successfully registered, click Manifest in the left menu and search for the keyCredentials property. It should be similar to this JSONexample:
      "keyCredentials": [
        {
          "customKeyIdentifier": "<$base64CertHash>",
          "endDate": "2021-05-01T00:00:00Z",
          "keyId": "<$guid>",
          "startDate": "2019-05-01T00:00:00Z",
          "type": "AsymmetricX509Cert",
          "usage": "Verify",
          "value": "<$base64Cert>",
          "displayName": "CN=<$name of your cert>"
         }
      ],
    Tip: If the certificate was created in MOVEit Automation, you will need to export only the public key of the certificate.
  8. To locate the Client (Application) ID and the Tenant (Directory) ID, navigate to Azure portal > Microsoft Entra ID > App registration > Overview.
MOVEit Automation Sharepoint AD Authentication
  1. Create a SharePoint host with authentication set to Certificate Access.
  2. Enter the client id and tenant id, which can be found in Azure Entra ID’s App registration overview menu.
  3. Add or link to the certificate that you want to use.
    • The certificate must be present in the Entra ID.
    • The certificate must be present in MOVEit Automation.
  4. Enter the details in the required and optional fields.
  5. Test to verify that you can list the selected document library.