• +1 (302) 476 2350
  • info@replacemagic.com

How To...

Granting access using SharePoint App-Only (use when Legacy Authentication mode is not allowed)

Download ReplaceMagic Videos: How to use ReplaceMagic

Important: In case that Legacy Authentication mode is disabled for your SharePoint sites.

From Microsoft article: https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs:

SharePoint App-Only is the older, but still very relevant, model of setting up app-principals. This model works for both SharePoint Online and SharePoint 2013/2016 on-premises and is ideal to prepare your applications for migration from SharePoint on-premises to SharePoint Online. Below steps show how to setup an app principal with tenant full control permissions, but obviously you could also grant just read permissions using this approach.

Setting up an app-only principal with tenant permissions

Navigate to a site in your tenant (e.g. https://contoso.sharepoint.com) and then call the appregnew.aspx page (e.g. https://contoso.sharepoint.com/_layouts/15/appregnew.aspx). In this page click on the Generate button to generate a client id and client secret and fill the remaining information like shown in the screen-shot below.

Next step is granting permissions to the newly created principal. Since we're granting tenant scoped permissions this granting can only be done via the appinv.aspx page on the tenant administration site. You can reach this site via https://contoso-admin.sharepoint.com/_layouts/15/appinv.aspx. Once the page is loaded add your client id and look up the created principal:

To grant permissions, you'll need to provide the permission XML that describes the needed permissions. Since this application needs to be able to access all sites + also uses search with app-only it needs below permissions:

ReplaceMagic remark - possible options for Right (in XML example you see FullControl) are:
  • Read
  • Write
  • Manage
  • Full Control

To allow enough privileges for ReplaceMagic, to be able to keep last modified date, editor, approval and publish status ... we recommend to use FullControl.

When you click on Create you'll be presented with a permission consent dialog. Press Trust It to grant the permissions:

Of course, please replace contoso with your site name.

To use App-Only authentication in ReplaceMagic in form where you can create SharePoint connection select over drop down "Authentication mode" option "App-Only Authentication [BETA]" and in Client/APP ID and Client Secret enter generated data:

and connect to your SharePoint site.

Important: In case that Legacy Authentication mode is disabled for your SharePoint sites.


Download ReplaceMagic Videos: How to use ReplaceMagic

Main drivers for ReplaceMagic in combination with SharePoint:

  • Native integation with SharePoint (On-Premise and Onsite)
  • ReplaceMagic will keep main document properties
  • ReplaceMagic relies on SharePoint configuration
  • Good performances
  • Competative price for customers

In case of any questions please do not hesitate to contact us.