Appian o-o-t-b SharePoint Connected Systems URLs per SharePoint site

Hi,

We are integrating with the Appian SharePoint Connected Systems listed in docs.appian.com/.../Connected_System.html. I have a couple of specific questions about the Client Credentials approach. It states that

=====================================================

SharePoint Client Credentials Connected System

Provide a single SharePoint user’s credentials to authenticate. All integrations will use a shared SharePoint service account. Individual Appian users do not need their own SharePoint accounts.

To generate Client Credentials, see Granting access using SharePoint App-Only in the Microsoft docs.

A few notes on the process:

  1. If you only need access to a particular SharePoint site, go to that site’s URL to generate your Client ID and Client Secret. For example: <siteName>.sharepoint.com/sites/<subsite>/_layouts/15/appinv.aspx
  2. If you do not have tenant administrator permissions, you may need to use a different permission XML. For example:
1
2
3
<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="">sharepoint/.../sitecollection" Right="FullControl" />
</AppPermissionRequests>

=====================================================

(1) the first question I have is that the 'Instance URL' seems to be hard-coded in this Connected System. To elaborate, if I wanted access to a specific site's URL, I would it appears have to mention that site in a Connected System. This means I would have to create a separate Connected System for each SharePoint site/subsite. Is there a way around this ?

(2) the second question I have is regarding the XML that says that "FullControl" is needed. As expected, our security team is worried about granting FullControl. Can we not just grant ReadWrite ? I believe I tried it and it did not work, but am looking for confirmation from Appian as well as a better understanding of the need for fullcontrol.

Parents
  • (1) The example provided in Appian docs is for “If you only need access to a particular SharePoint site, go to that site’s URL to generate your Client ID and Client Secret.”  If you want access to the whole site, follow SharePoint’s docs, where they give the example of https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx.

    You can provide the SharePoint instance URL (e.g. contoso-admin.sharepoint.com) in the Connected System.  You can access subsites within each integration, using "Provide a SharePoint subsite" toggle.  If you have multiple SharePoint instances, then you would need to set up multiple connected systems.

    (2) This is what we found Microsoft supported for Client Credentials.  We haven’t tested with ReadWrite access.

Reply
  • (1) The example provided in Appian docs is for “If you only need access to a particular SharePoint site, go to that site’s URL to generate your Client ID and Client Secret.”  If you want access to the whole site, follow SharePoint’s docs, where they give the example of https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx.

    You can provide the SharePoint instance URL (e.g. contoso-admin.sharepoint.com) in the Connected System.  You can access subsites within each integration, using "Provide a SharePoint subsite" toggle.  If you have multiple SharePoint instances, then you would need to set up multiple connected systems.

    (2) This is what we found Microsoft supported for Client Credentials.  We haven’t tested with ReadWrite access.

Children

 Discussion posts and replies are publicly visible