Forum Discussion

KrisSub2023
Brass Contributor
Jul 15, 2023

How to Authenticate Multi Geo Sites via Client ID and Secret

Hi Team,

 

I have a multi-geo setup within our tenant. For the default location, we are able to authenticate to the central admin center via Connect-PnPOnline -Url $AdminURL -ClientId $ClientID -ClientSecret $SecretID. With the same client ID and secret we are unable to connect to the other geo admin center URLs. I have added the same service principal by using _layouts/15/appinv.aspx, but it doesn't work.

 

<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

 

Getting general error like

: Message : Exception has been thrown by the target of an invocation.
Stacktrace : at PnP.PowerShell.Commands.Base.PnPConnectedCmdlet.ProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
ScriptLineNumber : 1

 

Please advise. Thanks!

  • LeonPavesic
    Silver Contributor

    Hi KrisSub2023,

     

    To authenticate multi-geo sites using a client ID and secret, you need to ensure that the service principal has the necessary permissions in each geo location. Try these steps:

    1. Begin by registering an Azure AD application. Head over to the Azure portal (portal.azure.com) and navigate to Azure Active Directory. Create a new application and make note of the client ID and client secret.

    Tutorial: Register an app with Azure Active Directory (Microsoft Dataverse) - Power Apps | Microsoft Learn

    2. Grant the required permissions to the application. In the Azure AD application settings, go to "API permissions" and add the necessary permissions for each geo location. For SharePoint, you'll typically need the "Sites.FullControl.All" or "Sites.ReadWrite.All" application permissions. Remember to grant admin consent for these permissions.

    Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn

    3. After that, add the application to each geo admin center. Visit the admin center URL of each geo location and access the "_layouts/15/appinv.aspx" page. Fill in the application's client ID and click "Lookup" to fetch the application details. Add the required permission request XML to grant the necessary permissions and save the changes.

    4. With everything set up, you can try to authenticate using the client ID and secret. In your PowerShell script, use the `Connect-PnPOnline` cmdlet to connect to each geo admin center individually. Specify the admin center URL, client ID, and client secret as parameters.

    Here's an example of the code you can use:


    $AdminURL = "https://tenant-admin.sharepoint.com" # Replace with the admin center URL
    $ClientID = "YourClientID" # Replace with your Azure AD application's client ID
    $ClientSecret = "YourClientSecret" # Replace with your Azure AD application's client secret

    # Connect to the admin center
    Connect-PnPOnline -Url $AdminURL -ClientId $ClientID -ClientSecret $ClientSecret

    # Carry out your desired operations in the admin center

    # Disconnect from the admin center
    Disconnect-PnPOnline

    Repeat the above steps for each geo admin center URL, providing the respective URL, client ID, and client secret.

    Make sure you have the latest SharePoint Online Management Shell or PnP PowerShell module installed to run the required commands.



    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
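The steps above are applied once per geo admin center. The following script is an added example, not code from the reply above or from the PnP PowerShell project: it loops over a list of geo admin center URLs, connects to each with the same app-only client ID and secret, issues one real request so that a registration problem in that geo is reported with its underlying message instead of the generic "Exception has been thrown by the target of an invocation" wrapper, and prints a per-geo result. The URLs, the PNP_CLIENT_ID and PNP_CLIENT_SECRET environment variable names, and the Test-GeoAdminConnection function name are placeholders chosen for this example.

```powershell
# Added example (not from the original post or the PnP PowerShell project).
# Connect to every geo admin center with one app-only client ID/secret,
# force a real request so that a bad registration in that geo surfaces here,
# and report per geo. All URLs and variable names below are placeholders.

$GeoAdminUrls = @(
    'https://contoso-admin.sharepoint.com'      # default geo (placeholder)
    'https://contosoeur-admin.sharepoint.com'   # satellite geo (placeholder)
    'https://contosoaus-admin.sharepoint.com'   # satellite geo (placeholder)
)

# Keep the secret out of the script file: read it from the environment.
$ClientId     = $env:PNP_CLIENT_ID
$ClientSecret = $env:PNP_CLIENT_SECRET
if ([string]::IsNullOrWhiteSpace($ClientId) -or [string]::IsNullOrWhiteSpace($ClientSecret)) {
    throw 'Set PNP_CLIENT_ID and PNP_CLIENT_SECRET before running this script.'
}

function Test-GeoAdminConnection {
    param(
        [Parameter(Mandatory)] [string] $AdminUrl,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $ClientSecret
    )
    try {
        Connect-PnPOnline -Url $AdminUrl -ClientId $ClientId -ClientSecret $ClientSecret -ErrorAction Stop
        # Connect-PnPOnline alone may not contact the service; Get-PnPWeb issues a request,
        # so a token that this geo does not accept fails here with the real reason.
        $web = Get-PnPWeb -ErrorAction Stop
        [pscustomobject]@{ AdminUrl = $AdminUrl; Status = 'Connected'; Detail = $web.Title }
    }
    catch {
        # "Exception has been thrown by the target of an invocation" is a wrapper;
        # the inner exception carries the message returned by SharePoint or the token service.
        $reason = if ($_.Exception.InnerException) {
            $_.Exception.InnerException.Message
        } else {
            $_.Exception.Message
        }
        [pscustomobject]@{ AdminUrl = $AdminUrl; Status = 'Failed'; Detail = $reason }
    }
    finally {
        # Disconnect throws when no connection exists (e.g. Connect failed); ignore that.
        try { Disconnect-PnPOnline } catch { }
    }
}

$results = foreach ($url in $GeoAdminUrls) {
    Test-GeoAdminConnection -AdminUrl $url -ClientId $ClientId -ClientSecret $ClientSecret
}
$results | Format-Table -AutoSize

# Non-zero exit so a scheduled run that loses access to one geo is noticed.
if ($results | Where-Object Status -eq 'Failed') { exit 1 }
```

The -ClientId/-ClientSecret parameter set of Connect-PnPOnline uses SharePoint app-only (ACS) authentication, which is why the appinv.aspx grant from step 3 has to be present at each geo's own admin center; a geo where the grant is missing or different shows up as Failed with the inner-exception text, which is the message worth comparing across geos when only some of them fail.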
