Previously, integrations with MS products required authenticating a connection for each product. Now, with the introduction of MS Graph Connections, individual connections for each MS product are a thing of the past. One Connection authenticates communications for numerous MS products and supports 2FA.
- OneDrive Personal
- OneDrive for Business
- SharePoint Document
- SharePoint List
- Excel Online
Before commencing, you'll need access to your MS Azure portal (Authenticate Connection) and Sharepoint account (Configure Form/Data Source Connectors).
- Adding a Connection
- Acquiring Client ID
- Acquiring Client Secret
- Authorizing Connection
- Data Source Connector
- Form Connector
Adding a Connection
When logged into the web dashboard, navigate to Connected Data > Connections > Add Connection - Microsoft Graph.
Once added, you'll be presented with the Connection's properties to fill out. Make sure to click SAVE so the Authorize button appears.
Property | Description | Obtained? |
Client ID | Client ID set up for your App. This value will be a GUID in the form: 3c8ae5a6-4869-41a9-af36-8517434d9cc0 | via Azure portal |
Client Secret Value | Client Secret Value set up for your App. This value is NOT a GUID and will be in the form of: obH8P~yMaQYvxv-JZDKUIv.N9XVe3Kc_l8Z5OaYF | via Azure portal |
Callback URL (Redirect URI on Azure portal) | https://secure.formsonfire.com/oauth2/microsoftgraphcallback | Used in the Azure portal as the Redirect URL when registering the app |
Tenant ID | Use this only when an "Organization Only" application is registered, NOT a multi-tenant application. See "How to find your tenant ID" (Microsoft Entra, Microsoft Learn). | via Azure portal |
Note: You MUST enter the Tenant ID if an Organization Only application is registered. The Tenant ID is a GUID value that looks like this: 3c8ae5a6-4869-41a9-af36-8517434d9cc0
The Tenant ID can be left blank if the app registration is set as a multi-tenant.
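The rules in the table and notes above can be checked before clicking SAVE. The following is an added example, not code from the platform or from Microsoft; the function name `check_connection` and the `organization_only` flag are hypothetical, and the sample values are constructed.

```python
import re

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Callback URL from the properties table above.
CALLBACK_URL = "https://secure.formsonfire.com/oauth2/microsoftgraphcallback"


def check_connection(client_id, client_secret, redirect_uri,
                     tenant_id="", organization_only=False):
    """Return a list of problems with the Connection properties ([] means OK)."""
    problems = []
    if not GUID_RE.match(client_id.strip()):
        problems.append("Client ID must be a GUID")

    secret = client_secret.strip()
    if not secret:
        problems.append("Client Secret Value is empty")
    elif GUID_RE.match(secret):
        # The portal lists a GUID-shaped Secret ID next to the Value;
        # the connector needs the Value.
        problems.append("Client Secret is a GUID: paste the Secret Value, not the Secret ID")

    # The URI registered in Azure must be the connector's Callback URL.
    if redirect_uri.strip() != CALLBACK_URL:
        problems.append("Redirect URI does not match the Callback URL")

    tenant = tenant_id.strip()
    if organization_only and not tenant:
        problems.append("Tenant ID is required for an Organization Only app")
    elif tenant and not GUID_RE.match(tenant):
        problems.append("Tenant ID must be a GUID")
    return problems


if __name__ == "__main__":
    sample_guid = "11111111-2222-3333-4444-555555555555"  # constructed
    for p in check_connection(sample_guid, sample_guid, CALLBACK_URL + "/",
                              organization_only=True):
        print("FAIL:", p)
```
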
All the details necessary to configure your connector are available to you after you set up your app on the MS Azure portal.
Please note that the process documented below is liable to change without notice as Microsoft updates their Azure portal interface.
App Registration on Microsoft's Portal
New App Registration
The first thing you need to do is go to https://portal.azure.com/ and log in with your Microsoft/Office/Excel/OneDrive/SharePoint/Azure/Entra account details.
Click the View button on the "Manage Microsoft Entra ID" option to proceed to the next step where you can start the App Registration process.
On this page, click the 'App registrations' option in the main left menu to start the app registration process as shown in the screenshot below.
Once on the App registration page, click the "New Registration" button as shown in the screenshot below:
On the next screen you will need to do the actual registration of your application:
- Name - The display name for the application you are registering. You can change this at a later stage.
- Who can use this application or access this API? - Selecting the 2nd option, "Accounts in any organizational directory (Any Microsoft Entra ID - Multitenant)", will work for most use cases.
- Redirect URI - Select the "Web" option, then copy the "Callback URL" as shown in the "Adding a Connection" section of this article and paste it into this field.
- Click "Register" - to register your application.
After clicking the "Register" button in the step above, your app will be created, and you will be able to begin setup of your secret keys.
Acquiring Client Secret
Next, you'll need to navigate to Overview, then click the link in the "Client Credentials" section named "Add a certificate or secret" as shown in the screenshot below:
This will take you to the screen where you can manage your certificates and secrets. On this screen, click on the "New client secret" button.
When you click on the "New client secret" button, a sidebar will open on the right of the screen, as shown below. Here you will need to enter a descriptive name for the secret key as well as specify how long you want the key to be valid for. We used 180 days in this example; it can be shorter or longer depending on your organization's security rules.
Click the Add button at the bottom of the Add a client secret sidebar to save your changes. Once your changes are saved, you will be taken to the Client Secrets overview page where you can copy the Secret Value as shown in the screenshot below:
Paste this Client Secret Value in the Client Secret field on the connector within your platform.
API Permissions
Each Microsoft Service that you wish to connect to through this app registration process requires you to configure specific API permissions for it so that it can perform correctly on our platform. On the app registration overview page, click the "API Permissions" option in the left menu to get started.
On the next page click the option to "Add a permission" to select the Microsoft Service that you wish to add permissions for.
When you click on the "Add a permission" button as shown above, a section will open on the right side of the screen, allowing you to choose which Microsoft service you wish to add permissions for. It is vitally important to select the correct permissions for the respective Microsoft service you wish to use. In this case, we select "Microsoft Graph" as shown in the screenshot below. The rest of this article provides instructions for setting up OneDrive and Sharepoint to work with your MS Graph connection.
After selecting "Microsoft Graph" as the service for which you would like to configure API permissions, on the next screen, select "Delegated Permissions" as shown in the screenshot below.
On the "Delegated Permissions" screen, you will need to add explicit support for the following API permissions for Sharepoint or OneDrive to work on your MS Graph connection.
Sharepoint or OneDrive API Permission Requirements
API/Permission Name | Type | Description |
offline_access | Delegated | Maintain access to data you have given it access to. |
Sites.Manage.All | Delegated | Create, edit, and delete items and lists in all site collections. |
Files.ReadWrite | Delegated | Read, create, update, and delete the signed-in user's files. |
Sites.ReadWrite.All | Delegated | Edit or delete items in all site collections. |
User.Read | Delegated | Sign in and read the user profile. |
Once this is all completed, you will be ready to authorize your connection.
Authorizing Connection
Finally, after entering your Client ID and Secret, hit Save and then Authorize.
NOTE: MS Graph Connections support 2FA when authorizing.
Now, when adding a Form or Data Source Connector, you'll be able to select the MS Graph Connection via the Using Connection property.
Data Source Connector
When adding a Sharepoint List Data Source Connector, under Using Connection, select the MS Graph Connection as opposed to a Sharepoint Connection.
Property | Description |
Sub-Site Name | If the List is in a sub-site of your connected SharePoint URL, then specify the name of the Site e.g. sites/mysubsite. |
List Name (required) | Enter the name of the SharePoint data List that you want to bind to. The List must be accessible by your connected SharePoint user account. |
Filter with Graph (optional) | Optionally define a filter statement to filter your SharePoint List results. Please note: The field(s) being filtered will need to be indexed on the SharePoint List. |
Columns From View (optional) | Optionally specify a targeted view from which to load List columns into your Data Source. If not specified, then the List's default view is used (normally the "All Items" view). If using a Microsoft Graph Connection, you can specify the internal column names in a comma-separated list e.g. ID,Column 1,Column 2,... |
Refresh Frequency (required) | The time interval at which data is pulled and refreshed by this connector. |
Form Connector
When adding a Sharepoint Document or List Form Connector, under Using Connection, select the MS Graph Connection as opposed to a Sharepoint Connection.
Property | Description |
Sub-Site Name (required) | If the List is in a sub-site of your connected SharePoint URL, then specify the name of the Site e.g. sites/mysubsite. |
List Name Search (required) | Search for the name of the SharePoint data List that you want to bind to. The List must be accessible by your connected SharePoint user account. Note: Only the first 100 lists will be searched and only 25 will be displayed in the dropdown. If your list is not found using the Search option, then please hit 'Specify List' to manually type it in. |
Columns From View (optional) | Optionally specify a targeted view from which to load List columns into your Data Source. If not specified, then the List's default view is used (normally the "All Items" view). If using a Microsoft Graph Connection, you can specify the internal column names in a comma-separated list e.g. ID,Column 1,Column 2,... |