updated documentation for interactive login
erwinvanhunen committed Aug 27, 2024
1 parent 771f68d commit 57c96c7
Showing 1 changed file with 27 additions and 12 deletions.
39 changes: 27 additions & 12 deletions pages/articles/connecting.md
Expand Up @@ -31,30 +31,45 @@ or in case the account you would like to use has MFA or any other authentication
Connect-PnPOnline [tenant].sharepoint.com -Interactive
```

### Connect by using your own Entra ID Application
### Connect by using your own Entra ID Application for Interactive Login

You will have to create your own Entra ID Application registration, or you can create one:

```powershell
Register-PnPEntraIDApp -ApplicationName "YourApplicationName" -Tenant [tenant].onmicrosoft.com -Interactive
Register-PnPEntraIDAppForInteractiveLogin -ApplicationName "YourApplicationName" -Tenant [tenant].onmicrosoft.com -Interactive
```

This will launch an authentication dialog where you need to authenticate. After closing this window the cmdlet will continue to register a new application with a set of default permissions. By default a certificate will be generated and stored in the current folder, named after the application you want to create. You can specify your own certificate by using the `-CertificatePath` parameter and optional `-CertificatePassword` parameter.
This will launch an authentication dialog where you need to authenticate. After closing this window the cmdlet will continue to register a new application with a set of default permissions, after which you will be asked to provide consent. Notice that you will asked to login again for this.

You can add permissions by using the `-GraphApplicationPermissions`, `-GraphDelegatePermissions`, `-SharePointApplicationPermissions` or `-SharePointDelegatePermissions` parameters. The cmdlet will output the Azure AppId/client id, the name and location of the certificates created (if any) and the thumbprint of the certificate. It is possible to add the certificate created to the certificate management store in Windows by adding the `-Store` parameter.
You can add permissions by using the `-GraphApplicationPermissions`, `-GraphDelegatePermissions`, `-SharePointApplicationPermissions` or `-SharePointDelegatePermissions` parameters. The cmdlet will output the Azure AppId/client id.

After the application has been created, and you consented to the permissions requested, the cmdlet will show the id of the app. You can then connect to your tenant using:

```powershell
Connect-PnPOnline -Url https://[tenant].sharepoint.com -ClientId <id of app created>
```

Note if you are using Credential Based Authentication, you will need to make a change to the app registration manifest file. Go to the app registration, select Manifest under the Manage section, then change the "allowPublicClient" property to true and click save.

```powershell
Connect-PnPOnline [tenant].sharepoint.com -Credentials (Get-Credential) -ClientId [clientid]
Connect-PnPOnline -Url [tenant].sharepoint.com -ClientId [clientid]
```

## Connect interactively using Interactive supporting MFA
### Connect by using your own Entra ID Application for AppOnly Login

One of the easiest methods to use. However, notice that this connection method will have its limitation as we will utility cookie based authentication. For instance, we will not be able to make calls to the Microsoft Graph behind the scenes.
You will have to create your own Entra ID Application registration, or you can create one:

```powershell
Connect-PnPOnline [tenant].sharepoint.com -Interactive
Register-PnPEntraIDApp -ApplicationName "YourApplicationName" -Tenant [tenant].onmicrosoft.com -Interactive
```

This will launch an authentication dialog where you need to authenticate. After closing this window the cmdlet will continue to register a new application with a set of default permissions. By default a certificate will be generated and stored in the current folder, named after the application you want to create. You can specify your own certificate by using the `-CertificatePath` parameter and optional `-CertificatePassword` parameter.

You can add permissions by using the `-GraphApplicationPermissions`, `-GraphDelegatePermissions`, `-SharePointApplicationPermissions` or `-SharePointDelegatePermissions` parameters. The cmdlet will output the Azure AppId/client id, the name and location of the certificates created (if any) and the thumbprint of the certificate. It is possible to add the certificate created to the certificate management store in Windows by adding the `-Store` parameter.

Note if you are using Credential Based Authentication, you will need to make a change to the app registration manifest file. Go to the app registration, select Manifest under the Manage section, then change the "allowPublicClient" property to true and click save.

```powershell
Connect-PnPOnline -Url https://[tenant].sharepoint.com -Credentials (Get-Credential) -ClientId [clientid]
```

## Connect using a ClientId and PFX certificate stored on your local machine
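Review bot: the new connect example for the interactive app, `Connect-PnPOnline -Url [tenant].sharepoint.com -ClientId [clientid]`, omits the `-Interactive` switch this section is about and drops the `https://` prefix that the earlier example in the same section uses; suggest `Connect-PnPOnline -Url https://[tenant].sharepoint.com -ClientId [clientid] -Interactive`. The unchanged "allowPublicClient" manifest note now sits in the Interactive section directly before that command, where no credential-based login is shown, and is repeated verbatim in the new AppOnly section; keeping it only next to the `-Credentials` example would avoid readers enabling public-client mode on an app registration that does not need it. Smaller points: "you will asked to login again" is missing "be", the "This will launch an authentication dialog" paragraph and the following "the cmdlet will show the id of the app" sentence both state that the client id is printed, and the new AppOnly section opens with the same "or you can create one" sentence as the interactive one, which reads as if the two options were different.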
Expand All @@ -70,7 +85,7 @@ Register-PnPEntraIDApp -ApplicationName "PnPPowerShell" -Tenant [tenant].onmicro
You will be asked to authenticate. After that the cmdlet will generate two files, PnPPowerShell.pfx and PnPPowerShell.cer and a new Entra ID Application will be registered with the specified name. The public key/CER file will be uploaded and registered with the newly create application registration. You will have to use the .pfx file to connect. Notice that the `Register-PnPEntraIDApp` cmdlet only has to be executed once per tenant/application.

```powershell
Connect-PnPOnline [tenant].sharepoint.com -ClientId [clientid] -Tenant [tenant].onmicrosoft.com -CertificatePath '.\PnPPowerShell.pfx' -CertificatePassword (ConvertTo-SecureString -AsPlainText -Force "password")
Connect-PnPOnline -Url https://[tenant].sharepoint.com -ClientId [clientid] -Tenant [tenant].onmicrosoft.com -CertificatePath '.\PnPPowerShell.pfx' -CertificatePassword (ConvertTo-SecureString -AsPlainText -Force "password")
```

## Connect using a ClientId and PFX certificate stored in the Windows Certificate Management Store
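Review bot: the changed `Connect-PnPOnline` line keeps the PFX password as a plain-text literal, `-CertificatePassword (ConvertTo-SecureString -AsPlainText -Force "password")`; since readers copy these lines into scripts, consider prompting with `(Read-Host -AsSecureString)` instead, or adding a sentence that the literal is a placeholder which must not be committed next to the .pfx file. In the unchanged context line, "newly create application registration" should read "newly created".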
Expand All @@ -86,15 +101,15 @@ Register-PnPEntraIDApp -ApplicationName "PnPPowerShell" -Tenant [tenant].onmicro
You will be asked to authenticate. After that the cmdlet will generate a certificate and will store it in the Windows Certificate Management Store and a new Entra ID Application will be registered with the specified name. The public key of the certificate file will be uploaded and registered with the newly create application registration. Notice that the `Register-PnPEntraIDApp` cmdlet only has to be executed once per tenant/application. The output of the cmdlet contains the thumbprint to use.

```PowerShell
Connect-PnPOnline [tenant].sharepoint.com -ClientId [clientid] -Tenant [tenant].onmicrosoft.com -Thumbprint $thumbprint
Connect-PnPOnline -Url https://[tenant].sharepoint.com -ClientId [clientid] -Tenant [tenant].onmicrosoft.com -Thumbprint $thumbprint
```

## Connect using a ClientId and PFX certificate being Base64 encoded

In some scenarios it might be easier to have the PFX file being encoded as a string using Base64 as opposed to having to store the physical PFX file somewhere. If you have the PFX encoded using Base64 encoding, you can connect using:

```PowerShell
Connect-PnPOnline [tenant].sharepoint.com -ClientId [clientid] -Tenant [tenant].onmicrosoft.com -CertificateBase64Encoded $encodedPfx
Connect-PnPOnline -Url https://[tenant].sharepoint.com -ClientId [clientid] -Tenant [tenant].onmicrosoft.com -CertificateBase64Encoded $encodedPfx
```

If you wish to convert a PFX file to its Base64 encoded equivalent, you can use:
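Review bot: the two changed lines in this hunk sit in fences tagged `PowerShell` while the rest of the file tags them `powershell`; worth aligning. In the Base64 section, the paragraph above the changed line could state that the encoded string is the complete PFX, private key included, so it needs the same handling as the .pfx file itself (a secret store or pipeline variable, not a script or repository). The context line "newly create application registration" has the same typo as in the previous hunk.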

0 comments on commit 57c96c7
