Hi,
We need to make an integration with SharePoint Online, in the form of a single system login, with Appian 21.4.
The customer, after doing the configuration on SharePoint, gave us a PFX certificate and no client secret.
But as I read in the Appian documentation, "certificate authentication" is an alternative to Client Secret authentication, which is needed by the SharePoint Connected System on Appian.
So we need the customer to configure it following "Granting access using SharePoint App-Only" (https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs)
and not "Granting access via Azure AD App-Only".
Is what I say correct?
Is there a way to configure an SPO integration on Appian by using certificate authentication?
Thanks
Update:
I confirm what I said in the previous post: Appian's default Connected System for SharePoint Online uses the "Granting access using SharePoint App-Only" type of authentication. Our issue is that the customer only allows "Azure AD app for app-only access" authentication, using a certificate and its private key. So no Client Secret. Therefore we are looking for a way to build an integration with SPO customized to this constraint imposed by the customer.
Would it be an option to not use the SP connected system, but an HTTP CS and OAuth?
Hi Gabriele, we had the same problem and we resolved it in this way: in order to generate the client assertion (https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/web-apps-apis/confidential-client-assertions), which is a JWT (https://jwt.io/introduction) needed to retrieve the token from the Microsoft IDP (learn.microsoft.com/.../v2-oauth2-client-creds-grant-flow), we created an Appian Plugin Function (docs.appian.com/.../Custom_Function_Plug-ins.html) that creates the JSON Web Token. Then we used HTTP integrations to create folders/documents, check if a folder exists and so on. We used the REST API following the official Microsoft documentation (https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/working-with-folders-and-files-with-rest). It is not possible to use the OOTB connected system because it requires the parameter "client secret", but this parameter is not used in "Azure AD app for app-only access".
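
A sketch of the client-assertion step described in the reply above, using only the Java standard library. It is an added example, not the poster's plug-in code and not Appian's API. The class name, the `PFX_PASSWORD` environment variable, the command-line arguments and the 5-minute lifetime are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.Collections;
import java.util.UUID;

public class ClientAssertion {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    private static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the RS256-signed JWT to send as the client_assertion parameter.
    // tenantId and clientId are assumed to be plain GUIDs, so no JSON escaping is done.
    static String build(PrivateKey key, byte[] certDer, String tenantId, String clientId)
            throws Exception {
        // x5t: base64url SHA-1 thumbprint of the DER certificate registered on the app
        String x5t = B64URL.encodeToString(MessageDigest.getInstance("SHA-1").digest(certDer));
        long now = System.currentTimeMillis() / 1000;
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\",\"x5t\":\"" + x5t + "\"}";
        // aud is the v2.0 token endpoint; a short exp and a fresh jti limit replay
        String claims = "{\"aud\":\"https://login.microsoftonline.com/" + tenantId
                + "/oauth2/v2.0/token\",\"iss\":\"" + clientId + "\",\"sub\":\"" + clientId
                + "\",\"jti\":\"" + UUID.randomUUID() + "\",\"nbf\":" + now
                + ",\"exp\":" + (now + 300) + "}";
        String signingInput = b64(header) + "." + b64(claims);
        Signature sig = Signature.getInstance("SHA256withRSA"); // RS256
        sig.initSign(key);
        sig.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(sig.sign());
    }

    // Usage: java ClientAssertion.java <pfxPath> <tenantId> <clientId>; password in PFX_PASSWORD
    public static void main(String[] args) throws Exception {
        char[] pw = System.getenv("PFX_PASSWORD").toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                PrivateKey key = (PrivateKey) ks.getKey(alias, pw);
                System.out.println(build(key, ks.getCertificate(alias).getEncoded(), args[1], args[2]));
            }
        }
    }
}
```

The resulting string goes into the token request as `client_assertion`, alongside `client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer` and `grant_type=client_credentials`. Keep the PFX and its password in a secret store rather than in the plug-in source or an Appian constant.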