Hi,
We are integrating with the Appian SharePoint Connected Systems listed in docs.appian.com/.../Connected_System.html. I have a couple of specific questions about the Client Credentials approach. It states that
=====================================================
Provide a single SharePoint user’s credentials to authenticate. All integrations will use a shared SharePoint service account. Individual Appian users do not need their own SharePoint accounts.
To generate Client Credentials, see Granting access using SharePoint App-Only in the Microsoft docs.
A few notes on the process:
<siteName>.sharepoint.com/sites/<subsite>/_layouts/15/appinv.aspx
<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="sharepoint/.../sitecollection" Right="FullControl" />
</AppPermissionRequests>
(1) The first question I have is that the 'Instance URL' seems to be hard-coded in this Connected System. To elaborate, if I wanted access to a specific site's URL, I would, it appears, have to mention that site in a Connected System. This means I would have to create a separate Connected System for each SharePoint site/subsite. Is there a way around this?
(2) The second question I have is regarding the XML that says that "FullControl" is needed. As expected, our security team is worried about granting FullControl. Can we not just grant ReadWrite? I believe I tried it and it did not work, but I am looking for confirmation from Appian as well as a better understanding of the need for FullControl.
(1) The example provided in Appian docs is for “If you only need access to a particular SharePoint site, go to that site’s URL to generate your Client ID and Client Secret.” If you want access to the whole site, follow SharePoint’s docs, where they give the example of https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx.
You can provide the SharePoint instance URL (e.g. contoso-admin.sharepoint.com) in the Connected System. You can access subsites within each integration, using the "Provide a SharePoint subsite" toggle. If you have multiple SharePoint instances, then you would need to set up multiple connected systems.
(2) This is what we found Microsoft supported for Client Credentials. We haven’t tested with ReadWrite access.
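A review check a security team could run over a permission-request XML before it is pasted into appinv.aspx, as an added example that is not from Appian, Microsoft or any poster in this thread. It assumes the four content-scope right names (Read, Write, Manage, FullControl) and the scope levels from Microsoft's add-in permission documentation; the function name, the ceilings and the sample XML are constructed, with Scope kept in the elided form shown above.

```python
import xml.etree.ElementTree as ET

# Assumption: right names and scope levels for content scopes as listed in
# Microsoft's add-in permission documentation, ordered lowest to highest.
RIGHTS = ["Read", "Write", "Manage", "FullControl"]
SCOPE_LEVELS = ["list", "web", "sitecollection", "tenant"]

def review_permission_xml(xml_text, max_right="Write", max_scope="sitecollection"):
    """Return findings for an <AppPermissionRequests> document.

    max_right and max_scope are the reviewer's own policy ceilings
    (hypothetical defaults), not a statement of what Appian requires.
    """
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("AllowAppOnlyPolicy", "false").lower() == "true":
        findings.append("app-only policy: calls run without a user context")
    for req in root.iter("AppPermissionRequest"):
        scope, right = req.get("Scope", ""), req.get("Right", "")
        # The scope level is the last path segment of the Scope URI.
        level = scope.rstrip("/").rsplit("/", 1)[-1].lower()
        if right not in RIGHTS:
            findings.append(f"unknown right {right!r} on {level}")
        elif RIGHTS.index(right) > RIGHTS.index(max_right):
            findings.append(f"{right} on {level} exceeds ceiling {max_right}")
        if level not in SCOPE_LEVELS:
            findings.append(f"unrecognised scope {scope!r}")
        elif SCOPE_LEVELS.index(level) > SCOPE_LEVELS.index(max_scope):
            findings.append(f"scope {level} is broader than {max_scope}")
    return findings

# Constructed samples; Scope is kept in the elided form shown in the thread.
TEMPLATE = ('<AppPermissionRequests AllowAppOnlyPolicy="true">'
            '<AppPermissionRequest Scope="sharepoint/.../{scope}" Right="{right}" />'
            '</AppPermissionRequests>')
DOCS_XML = TEMPLATE.format(scope="sitecollection", right="FullControl")
READWRITE_XML = TEMPLATE.format(scope="sitecollection", right="ReadWrite")
WEB_WRITE_XML = TEMPLATE.format(scope="sitecollection/web", right="Write")

if __name__ == "__main__":
    for name, xml in [("docs", DOCS_XML), ("readwrite", READWRITE_XML),
                      ("web/write", WEB_WRITE_XML)]:
        print(name, review_permission_xml(xml))
```
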
Matthew,
Thanks for the reply.
We have a use case to upload the documents stored in Appian to the SharePoint folder.
We don't want each user to provide the SharePoint credentials every time a document is moved to the SharePoint site. Hence, we want to establish the Connected System on Appian via the "Client Credentials" approach. However, the instructions at the link shown below this in the Connected System box are not clear on how to generate the "Client Secret". The steps documented to generate the Client Secret on https://docs.appian.com/suite/help/21.4/Integrating_Sharepoint_with_Appian_CS.html were followed, but when "Client Credentials" is selected as Authentication on the Connected System, Appian throws the error: Unable to retrieve access token The following error occurred: Invalid Client Secret Please ensure that your Client Secret in the connected system is correct. (Refer screenshot). Any thoughts on how to generate the client secret key on the SharePoint site for Client Credentials based authentication?
siddharthg837 Could you please let me know where you have registered the app? I am getting the following error:
SystemUnauthorizedAccesException.Access denied error.