Microsoft Authentication/Sharepoint

webstar · March 26, 2021, 10:50pm

The Microsoft Authentication brings up the following window:
How do I get approval?

Approval required
KNIME Analytics Platform
unverified
This app requires your admin’s approval to:
View users’ basic profile
Maintain access to data you have given it access to
Read items in all site collections
Edit or delete items in all site collections

Can I connect to sharepoint without that?

tobias.koetter · March 29, 2021, 12:34pm

Hello webstar,
in order to access Sharepoint you need to give KNIME Analytics Platform the required access scopes. Otherwise KNIME will not be able to connect to the service and access the data within. This is nothing KNIME specific but part of the Microsoft security policies. To do so you need to have access to Sharepoint on two levels:

First level: OAuth permission (technically these are called “scopes”)
First, consent must be given to our registered Azure AD App (“KNIME Analytics Platform”) to access Sharepoint files on behalf of a user.

Consent can be given to our Azure AD App

EITHER by the user: interactively in a browser window during the “Interactive Authentication” of the “Microsoft Authentication” node, IF organizational policies allow the user to do so.
OR by the Azure AD admin

Specifically, our Azure AD App must be given the delegated permission “Sites.ReadWrite.All”:

The globally unique Application ID of our Azure Ad App is “cf47ff49-7da6-4603-b339-f4475176432b”, which can be useful for the admin to ensure that he is giving consent to the correct App.

Second level: The user herself must have permission to access a concrete SharePoint Online site. This can be done by assigning the user to the required groups and/or teams in Azure AD or the “Microsoft 365 admin center” (which is sort of a simplified version of Azure AD).

I hope this helps.
Bye
Tobias

AnotherFraudUser · March 29, 2021, 1:46pm

Hi @webstar,

you can connect without the Graph Authorizations if you connect via a rest access token. Here you would only need admin access to the sharepoint itself - which is more common

if you can access (replace it with your actually sharepoint info)

https://YourSharepoint.com/sites/YourSharepointSite/_layouts/15/appregnew.aspx

you should have the needed rights.

However this does not work with the standard knime nodes as far as I know…
You would need to either send the request get/post request nodes - or use non-standard nodes:

How to connect/use the api here (you can also find documentation by Microsoft if you google sharepoint rest api) :

Implementation of the needed get/post request - if you do not want to do it yourself (you still need to configure the access token):

webstar · April 20, 2021, 4:21pm

Thank you – no luck i think the admin access to the share-point itself it also restricted. Appreciate the extra work you put in - I did look into it! No luck

system · October 20, 2021, 4:22am

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.