Summary
Microsoft has retired the legacy SharePoint Add-In authentication model. As a result, applications must now use Microsoft Entra ID (Azure AD) and Microsoft Graph / SharePoint REST APIs for authentication and access.
Reference: Retirement announcement for SharePoint Add-Ins
In remiCrystal, this means existing SharePoint targets that relied on legacy authentication should be recreated using the newer Microsoft Graph-based authentication method.
Applies to
- remiCrystal
- SharePoint Online
- Microsoft Entra ID (Azure AD)
- Microsoft Graph authentication for SharePoint destinations
Symptoms
Users may experience one or more of the following:
- SharePoint destinations no longer authenticate successfully
- Target validation fails for legacy SharePoint connections
- Uploads to SharePoint document libraries stop working
- Older SharePoint authentication methods are no longer accepted by Microsoft 365
Cause
Microsoft has retired the SharePoint Add-In model and older authentication approaches tied to it. Because of this change, applications must authenticate using modern Microsoft identity platform methods and access SharePoint resources through Microsoft Graph / SharePoint REST-compatible APIs.
Resolution
To migrate SharePoint delivery in remiCrystal, complete the following steps:
- Register an application in Microsoft Entra ID
- Assign the required Microsoft Graph permissions
- Create a client secret
- Create a new MS Graph account in remiCrystal
- Create a new SharePoint target and browse to the desired document library
Step 1: Register an Application in Microsoft Entra ID
- Sign in to the Azure portal at https://portal.azure.com.
- Go to Microsoft Entra ID.
- Select App registrations.
- Click New registration.
- Enter a name such as remiCrystal SharePoint Integration.
- Select the appropriate supported account type for your organization.
- Click Register.
Step 2: Record the Application Details
After the application is created, record the following values from the Overview page:
- Application (client) ID
- Directory (tenant) ID
These values will be required when creating the MS Graph account in remiCrystal.
Step 3: Create a Client Secret
- In the app registration, go to Certificates & secrets.
- Click New client secret.
- Enter a description.
- Select an expiration period according to your organization's policy.
- Click Add.
- Copy the secret value immediately and store it securely.
Step 4: Assign Required API Permissions
- In the app registration, go to API permissions.
- Click Add a permission.
- Select Microsoft Graph.
- Select either Delegated permissions or Application permissions, depending on your setup.
Recommended Permissions for SharePoint
| Authentication Model | Permissions |
|---|---|
| Delegated (User) | Sites.ReadWrite.All, Files.ReadWrite.All |
| Application (Service Principal) | Sites.ReadWrite.All |
- Click Add permissions.
- If required, click Grant admin consent.
Step 5: Create the MS Graph Account in remiCrystal
- Open remiCrystal.
- Go to Options.
- Select MS Graph / Power BI.
- Click Add.
- Enter the account details.
Account Configuration
- Account Name: Friendly name for the account
- Authentication Type: Delegated (User), or Application (Service Principal)
- Account Type: MS Graph (SharePoint)
- Tenant ID: Directory (tenant) ID from Azure
- Client ID: Application (client) ID from Azure
- Client Secret: Client secret value created in Azure
- Refresh Token: Required for delegated authentication where applicable
- Click Validate.
- Click Save.
Step 6: Create a New SharePoint Target
- Create or edit a schedule in remiCrystal.
- Go to Target.
- Select Output To > SharePoint.
- Set Authentication Type to MSGraph.
- Select the account you created in the Account Name dropdown.
- Enter the SharePoint Site Address.
- Browse to the required Document Library location.
- Save the target.
Example SharePoint Site Address
https://yourtenant.sharepoint.com/sites/yoursite
Example Document Library Path
Document Library/remiWare/remiCrystal
Verification
After configuration is complete:
- Validate the MS Graph account in remiCrystal.
- Use the SharePoint target browse function to confirm access to the site and document library.
- Run a test schedule and confirm the file is delivered to the expected SharePoint location.
Troubleshooting
Validation Fails
- Verify the Tenant ID, Client ID, and Client Secret
- Confirm the client secret has not expired
- Confirm the API permissions were added to the correct app registration
- Confirm admin consent was granted where required
Unable to Browse SharePoint Library
- Verify the SharePoint Site Address is correct
- Verify the account has access to the site
- Confirm the configured Microsoft Graph permissions are sufficient
- Confirm the selected authentication type matches how the app was intended to be used
Uploads Fail After Successful Validation
- Verify the selected document library path is correct
- Confirm the destination folder still exists
- Confirm the authenticated identity has write access to the destination library
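The checks under Validation Fails and Unable to Browse SharePoint Library can also be made against an access token issued to the app registration. The following is an added example, not part of remiCrystal or of Microsoft's tooling: it decodes the token's claims and compares them with the Tenant ID, Client ID and the permissions in the table above. The function names are hypothetical, the sample token is constructed, and obtaining a real token is not shown.

```python
import base64, json, time

# Permissions from the "Recommended Permissions for SharePoint" table.
REQUIRED = {
    "application": {"Sites.ReadWrite.All"},
    "delegated": {"Sites.ReadWrite.All", "Files.ReadWrite.All"},
}

def decode_claims(token):
    """Return the JWT payload as a dict. The signature is not verified;
    this only inspects a token you obtained yourself."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token, tenant_id, client_id, auth_type, now=None):
    """Return a list of problems; an empty list means the token matches."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append("tenant mismatch: check Tenant ID")
    # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'.
    if client_id not in (claims.get("appid"), claims.get("azp")):
        problems.append("client mismatch: check Client ID")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    # Application permissions arrive in 'roles' (a list), delegated
    # permissions in 'scp' (a space-separated string).
    if auth_type == "application":
        granted = set(claims.get("roles", []))
    else:
        granted = set(claims.get("scp", "").split())
    missing = REQUIRED[auth_type] - granted
    if missing:
        problems.append("missing permissions: " + ", ".join(sorted(missing)))
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo (not a credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "sig"])

if __name__ == "__main__":
    tid, cid = "tenant-id-placeholder", "client-id-placeholder"
    tok = make_sample_token({"tid": tid, "appid": cid, "exp": 2000, "scp": "Sites.ReadWrite.All"})
    print(check_token(tok, tid, cid, "delegated", now=1000))
```

An application token that has no `roles` claim at all usually means admin consent was not granted for the application permissions.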
Additional Information
For Microsoft guidance on the SharePoint Add-In retirement, see: Retirement announcement for SharePoint Add-Ins