As of MOVEit Automation 2024.1, it is possible to authenticate to SharePoint Online using a certificate. These are the steps that I went through to set this up on our MOVEit Automation.
I created a self-signed certificate in MOVEit Automation by going to resources and clicking the create button. Because MOVEit Automation is the client here, I only exported the PUBLIC part of the certificate. This gave me a .pfx file which I put to one side.
Following this, I logged into the Azure portal as an administrator with plenty of permissions. I clicked on App registrations and then New registration.
I decided to call my new app 'SharePoint by MIA', and left everything else as a default value (single tenant, no redirect), then clicked Register. With the app now created, I clicked on API permissions on the left-hand menu; this is where you need to grant some access. I clicked the Add a permission link in the centre of the screen, then selected SharePoint from the list of APIs. Finally, I selected Application permissions on the right of the screen, which gives the list of all available SharePoint permissions. I filtered the list by searching for sites.full and selected Sites.FullControl.All.
I clicked on Add permissions to request this, then clicked the 'Grant admin consent…' link to apply it.
Next, just above the API permissions menu option, you will find Certificates & secrets. I went to the certificates section and uploaded the certificate that I had exported from MOVEit Automation. Be aware that it asks for a .cer, .pem or .crt, but is actually perfectly happy with a .pfx format certificate.
The last step in the Azure portal is to go to the overview of the new application – here you can find the tenant and client IDs. Make a note of them before returning to MOVEit.
In MOVEit Automation, click Add Host, then select SharePoint from the cloud storage section.
I gave the new host definition a name, then entered my SharePoint tenant name, client and tenant ID. I selected the certificate that I created, then pressed browse to select a document library before hitting the test button.
This is a really simple way to grant permissions to SharePoint; however, it has granted global permissions – not necessarily a good thing!
Instead, you can consider restricting access to a single document library by granting Sites.Selected permissions rather than Sites.FullControl.All. You'll then have to use the Microsoft Graph API to grant restricted permissions.
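The Graph call behind that last step, as an added example (not part of the original post, and not Progress or Microsoft code): it builds the `POST /sites/{site-id}/permissions` request that gives one app registration a role on one site, without sending it, and checks a returned permission object for roles broader than read/write. Graph applies this grant per site. The site ID, client ID, token and sample response are constructed placeholders, and the helper names are hypothetical.

```python
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
LEAST_PRIVILEGE_ROLES = {"read", "write"}  # this example refuses anything broader


def build_site_grant(site_id, client_id, display_name, role, token):
    """Build (not send) the Graph request granting one app a role on one site."""
    if role not in LEAST_PRIVILEGE_ROLES:
        raise ValueError(f"role {role!r} is broader than a transfer host needs")
    body = {
        "roles": [role],
        "grantedToIdentities": [
            {"application": {"id": client_id, "displayName": display_name}}
        ],
    }
    return urllib.request.Request(
        f"{GRAPH}/sites/{site_id}/permissions",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def excess_roles(permission, client_id, allowed=LEAST_PRIVILEGE_ROLES):
    """Return roles held by client_id in a permission object beyond `allowed`."""
    apps = {i.get("application", {}).get("id")
            for i in permission.get("grantedToIdentities", [])}
    if client_id not in apps:
        return set()
    return set(permission.get("roles", [])) - set(allowed)


# Constructed sample values; not real tenant data.
SITE_ID = ("contoso.sharepoint.com,00000000-0000-0000-0000-000000000001,"
           "00000000-0000-0000-0000-000000000002")
CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # the app's client ID
SAMPLE_PERMISSION = {  # shape of the permission object Graph returns
    "id": "constructed-permission-id",
    "roles": ["write", "fullcontrol"],
    "grantedToIdentities": [
        {"application": {"id": CLIENT_ID, "displayName": "SharePoint by MIA"}}
    ],
}

if __name__ == "__main__":
    req = build_site_grant(SITE_ID, CLIENT_ID, "SharePoint by MIA", "write", "<token>")
    print(req.get_method(), req.full_url, req.data.decode())
    print("excess roles:", excess_roles(SAMPLE_PERMISSION, CLIENT_ID))
```

The request has to be sent with a token for an administrative identity that is itself allowed to manage site permissions, not with the MOVEit app's own credentials.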
Pro2col are Managed File Transfer and MOVEit specialists with decades of technical experience, servicing customers in more than 30 countries. If you would like to learn more about MOVEit Automation or would like to discuss how we can help you with automated file transfers, get in touch today.
Previous Version Written October, 2020
It has to be said that Microsoft SharePoint is not everybody's cup of tea. But, with Microsoft dominating the office productivity landscape via its very popular Office 365 subscription service, it is probably the most common document library software in use. And with that said, we find that IT teams are often asking us how they can bring SharePoint into their automated Managed File Transfer (MFT) workflows.
For some time now, MOVEit Automation - the world's most popular MFT platform - has been able to connect to on-premise SharePoint sites via an imported script. However, as of October 2020, the release of MOVEit Automation 2020.1 includes a native host connector to SharePoint Online.
What this ultimately means is that MOVEit Automation customers can now create automated file transfer workflows which can upload or download documents into and from SharePoint Online document libraries, without any scripting.
In addition:
- Integration is available via App Access or Username / Password.
- Files for transfer can be specified by file name, type, regex or location.
- Workflows can leverage manipulation capabilities in Automation such as rename, delete from source and other scriptable capabilities.
- Full tamper-evident audit logs are captured for each transfer.
From a licensing perspective, it is worth noting that the old mechanism for SharePoint interaction made use of a script which is only available with the MOVEit Automation Enterprise edition. The new mechanism uses a native host connector instead of a script, opening up SharePoint workflows to customers with the lesser Corporate edition.
We have already seen a huge amount of positive feedback and interest from existing MOVEit Automation customers who are keen to put this new feature into action; and for those with an active maintenance and renewal contract, that upgrade is completely free!