Skip to main content

OAuth 2.0 for SharePoint Files

Configure Alteryx Analytics Cloud (AAC) to integrate with your SharePoint Files deployment using OAuth 2.0 to authenticate.

Prerequisites

  • OAuth 2.0 is supported for SharePoint Files Online, which is available on Microsoft Azure.

  • OAuth 2.0 authentication must be enabled AAC. For more information, see Enable OAuth 2.0 Authentication.

Create OAuth 2.0 Client App in Azure

In the Azure console, you must create the client app.

Steps:

  1. Login to Azure: https://portal.azure.com/#home

  2. Select Azure Active Directory > App Registrations > New registration.

  3. Specify the following fields:

    Field

    Description

    Name

    The name of the app.

    Supported Account Types

    Select either:

    • Single tenant

    • Multi tenant

    Redirect URI

    Specify the URL in the following format, depending your project or workspace login:

    https://<Login_URL>/oauth2/callback

    Example:

    https://us1.alteryxcloud.com/oauth2/callback
  4. To create the new registration, click Register.

  5. Overview tab:

    Note

    Copy the value for the Application (client) Id. This value must be applied in AAC.

  6. Branding tab: (optional) Specify the following fields:

    Field

    Description

    Name

    The name of the app should match the value you specified previously.

    Logo

    Upload a preferred logo for the app.

    Homepage URL

    Set this value to the following:

    https://trifacta.com

    Terms of Service URL

    Set this value to the following:

    https://www.trifacta.com/terms-conditions/

    Privacy Policy

    Set this value to the following:

    https://www.trifacta.com/privacy-policy/

    Publisher Domain

    Set this value to the following:

    trifacta.com

    MPN ID

    If you are a Microsoft Partner, you can specify your MPN ID.

  7. Certificates & Secrets tab: To create a new client secret:

    1. Select New client secret.

    2. Set the Expires option to Never.

    3. Select Add.

      Note

      Copy the Value field. This value is the client secret and must be applied in AAC.

  8. API Permissions tab:

    1. Select Add a permission.

    2. Select Microsoft Graph.

    3. Select Delegated Permissions.

    4. Use the search bar to search for Sites and then select the appropriate permissions. These are the recommended permissions:

      1. Site.Read.All: Ensures that all users can ingest all the files they have access to.

      2. Sites.ReadWrite.All: Allows users to write to folders and files that they have access to. This includes folders they own as well as folders shared with them.

      Note

      These recommendations are only to ensure the best user experience for your users on AAC. Use your organization’s access policies to guide your permission selection.

      Alternatively, you can create separate OAuth Apps for read-only and read/write access:

      • Read-Only Access (Use Sites.Read.All)

      • Read/Write Access (Use Sites.ReadWrite.All)

      You can then create two separate connections for Sharepoint Files on AAC. Then grant access to the appropriate connections for the respective users.

  9. Save your changes.

Create OAuth 2.0 Client for SharePoint Files

After the SharePoint Files client app is created, you must create an OAuth 2.0 client in AAC, which is used to integrate with the OAuth 2.0 Client app that you created in Azure.

Steps:

  1. Login to AAC as a workspace administrator.

  2. In the lefthand menu, select User menu > Admin console > OAuth 2.0 Clients.

  3. In the OAuth 2.0 Clients page, click Register OAuth 2.0.0 Client.

  4. Specify the fields for the new client:

    Field

    Description

    Type

    sharepoint files

    Name

    Enter a name for the client.

    Client ID

    Paste the value of the Application (client) Id that was generated when you created the client app in Azure.

    Client Secret

    Paste the value of the client secret that was generated when you created the client app in Azure.

    Authorization URL

    Single tenant:

    https://login.microsoftonline.com/<tenant_identifier>/oauth2/v2.0/authorize

    Multi-tenant:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize

    Token URL

    Single tenant:

    https://login.microsoftonline.com/<tenant_identifier>/oauth2/v2.0/token

    Multi-tenant:

    https://login.microsoftonline.com/common/oauth2/v2.0/token

    Scopes

    Set the scopes to the following values:

    • https://graph.microsoft.com/.default

    • offline_access

    Important

    Individual scopes must be separated by a space.

    Access Token Expires In

    Set this value to the following: 3599999.

    Refresh Token Expires In

    Set this value to the following: 7775999999.

  5. To save your OAuth 2.0 client, click Save.

For more information, see Create OAuth2 Client.

Create SharePoint Files Connection

After you have created the two OAuth 2.0 client references, you can create a connection to your SharePoint Files data.

Note

You must create a separate connection for each OAuth 2.0 client that is available in AAC.

For more information, see Microsoft SharePoint Files Connections.

Troubleshoot Access Issues

In the above steps, you created an OAuth app in the Azure portal. However, unless individual users or user groups are entitled to access and use this app, they might not be able to use it with connections created in AAC. Use these steps to add users to the app:

  1. On the Azure Portal, go to Enterprise Application.

  2. Search for the OAuth application you created.

  3. Under the OAuth application, follow options a OR b:

    1. Select Users and groups from the left navigation panel and then add the appropriate users and user groups.

    2. Select Properties from the left navigation panel and then set Assignment required? to No. This gives access to users without needing explicit assignment to the app.