Gurdev Singh
Oct 22, 2022, Iron Contributor
Connect to SPO from Azure automation runbook using a certificate
How to connect to SPO using PnP PowerShell Connect-PnPOnline using a certificate, with the script being executed from an Azure Automation runbook? I have exported a self-signed certificate and uploaded t...
NanddeepNachan
Oct 22, 2022, Learn Expert
Hi Gurdev Singh
Please see https://sharepains.com/2021/07/09/pnp-powershell-azure-automation-accounts/
- Gurdev Singh, Oct 23, 2022, Iron Contributor
Thanks Nanddeep... However, I have discovered that with the new version of PowerShell and PnP, the certificate thumbprint parameter no longer works and Connect-PnPOnline requires a certificatePath parameter instead.
- David Remillard, Dec 12, 2022, Copper Contributor
Hi Gurdev,
I'm having the same issue. I can actually connect using a thumbprint when running from my laptop, but when running the same command and same app reg and thumbprint in an Azure runbook, the connect fails and says it can't find a cert. Where did you end up storing the .pfx file so that you could reference it in your runbook? Azure Storage? Do you have an example of your PowerShell commands for the connection?
Thanks,
Dave
- Gurdev Singh, Dec 14, 2022, Iron Contributor
I gave up on using a certificate for authentication when running a script from an Azure runbook. One thing that I found a bit promising was to store the exported certificate file (including the private key) in the runbook account, then in the runbook script save the certificate to the runbook's temporary storage and invoke Connect-PnPOnline (code below).
What I ultimately ended up doing was to use the legacy SharePoint App-Only principals.
```powershell
# Save authentication certificate to temp location
$certificate = Get-AutomationCertificate -Name "<certificate name>"
$credentials = Get-AutomationPSCredential -Name "<credentials i.e. the password for certificate file>"
$secureCertificatePassword = $credentials.Password
$certificatePassword = $credentials.GetNetworkCredential().Password
$certificatePath = "$env:TEMP\temp.pfx"
# 3 = X509ContentType.Pfx: certificate plus private key, protected by the password
$pfxCertificate = $certificate.Export(3, $certificatePassword)
if (Test-Path $certificatePath) {
    Remove-Item -Path $certificatePath
}
# WriteAllBytes works on Windows PowerShell 5.1 and PowerShell 7;
# Set-Content -Encoding Byte is not available on PowerShell 7
[System.IO.File]::WriteAllBytes($certificatePath, $pfxCertificate)

# Verify certificate
if (Test-Path $certificatePath) {
    $pnpCert = Get-PnPAzureCertificate -CertificatePassword $secureCertificatePassword -CertificatePath $certificatePath
    Write-Output "Saved certificate to $certificatePath, Thumbprint=$($pnpCert.Thumbprint)"
}

# Connect using the certificate
$url = "<site url>"
$tenantAdminUrl = "<SPO admin url>"
$clientId = "<app client ID>"
$tenantId = "<tenant ID>"
Write-Output "Connecting to $url with $clientId"
$connection = Connect-PnPOnline -ReturnConnection -Url $url -ClientId $clientId -Tenant $tenantId -CertificatePath $certificatePath -CertificatePassword $secureCertificatePassword -ValidateConnection
```
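An added example, not part of the original posts: a variant of the runbook above that hands the exported PFX to Connect-PnPOnline as a Base64 string through -CertificateBase64Encoded, so the private key is never written to $env:TEMP. It assumes a PnP.PowerShell version that supports that parameter and a certificate asset uploaded with an exportable private key; the angle-bracket values are placeholders, as in the post.

```powershell
# Added example (not from the thread): certificate auth without a temp .pfx file.
# Assumption: the PnP.PowerShell module is imported into the Automation account
# and the certificate asset was uploaded as a .pfx marked exportable.
$ErrorActionPreference = 'Stop'

# Placeholders, as in the post above
$url      = '<site url>'
$clientId = '<app client ID>'
$tenantId = '<tenant ID>'

$certificate = Get-AutomationCertificate -Name '<certificate name>'
$credentials = Get-AutomationPSCredential -Name '<credentials i.e. the password for certificate file>'

# A public-key-only certificate cannot sign the app-only token request
if (-not $certificate.HasPrivateKey) {
    throw 'Certificate asset has no private key; upload the .pfx, not the .cer.'
}

$pfxBytes = $null
try {
    # Export the PFX (certificate + private key) into memory only,
    # protected by the password held in the credential asset
    $pfxBytes = $certificate.Export(
        [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx,
        $credentials.GetNetworkCredential().Password)
    $pfxBase64 = [System.Convert]::ToBase64String($pfxBytes)

    $connection = Connect-PnPOnline -ReturnConnection -Url $url -ClientId $clientId `
        -Tenant $tenantId -CertificateBase64Encoded $pfxBase64 `
        -CertificatePassword $credentials.Password -ValidateConnection

    # Job output is stored with the job: log the thumbprint, never key material
    Write-Output "Connected to $url with $clientId, Thumbprint=$($certificate.Thumbprint)"
}
finally {
    # Zero the exported key bytes and drop the Base64 copy once the connection exists
    if ($pfxBytes) { [System.Array]::Clear($pfxBytes, 0, $pfxBytes.Length) }
    $pfxBase64 = $null
}
```

If the file-based route from the post is kept instead, the same try/finally shape is the place to remove the temporary .pfx, so the key does not stay on the sandbox disk after the job.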