Skip to main content
Skip table of contents

Preparing for Modern Authentication in SPOC

This article provides steps to follow to ensure a successful set-up of the SharePoint Online Connector (SPOC) with Modern Authentication in the Gimmal Cloud. These steps should be completed prior to the updates performed by Gimmal which will replace the Add-in Model in February 2026.

Configure the Azure AD (Entra ID) App Registration

Overview

To connect the SharePoint Online Connector to your Microsoft 365 environment, you need to create an application registration in Azure AD (Entra ID) and grant it permissions to access SharePoint sites.

  • These instructions are provided for convenience. Please contact your Microsoft 365 Azure Administrator or SharePoint Online administrator for assistance with completing these tasks.

  • The screenshots below are provided as a guide for your convenience. Microsoft may have made changes to the administrative portal since publication.

Prerequisites

  • Global Administrator or Application Administrator role in Azure AD

  • Access to the Azure Portal (https://portal.azure.com)

Step 1: Obtain an X.509 Certificate

Gimmal Records SharePoint Online Connector only supports certificate authentication. A valid x.509 certificate is required. The certificate must allow for an exportable private key.

Export the certificate in both .CER and .PFX formats, including the private key.

  • For production environments, we strongly recommend that you acquire a certificate from a public Certificate Authority. For non-production environments, you may use a self-signed certificate.

  • Please see this article and this article for more information on X.509 certificates

Step 2: Register the application in Microsoft Entra

An application registration for the Gimmal Records SharePoint Online Connector must be created in the Entra ID portal.

2.1 Open Entra (formerly Azure AD) Portal

  1. Navigate to https://entra.microsoft.com

  2. Sign in with your administrator account

  3. Click App registrations in the left menu under Entra ID

  4. Click + New registration at the top of the application list

    A screenshot of a computer AI-generated content may be incorrect.

2.2 Create the application

Fill in the registration form:

Field

Value

Name

SharePoint Online Connector

Supported account types

Accounts in this organizational directory only

Redirect URI

  • Select the ‘Web' option for the platform.

  • Enter the SPO Connector you plan to use with a format of Url + /signin-oidc
    (e.g.  https://spo-records.gimmal.cloud/signin-oidc)

image-20251218-171013.png

Region

Test

Production

Canada

n/a

 https://spo-records-ca.gimmal.cloud 

United Kingdom

https://spo-records.uk.gimmal.build  

 https://spo-records.uk.gimmal.cloud 

United States

https://spo-records.gimmal.build  

 https://spo-records.gimmal.cloud  

Click Register.

image-20251218-171217.png

The App Registration Overview screen will appear.

2.3 Save application details

image-20251218-171558.png

After registration, from the overview screen, copy and save the following values. They will be needed in future steps:

  • Application (client) ID (A)

  • Directory (tenant) ID (B)

Note: Keep these values in a secure location - you’ll enter them in the SharePoint Online Connector configuration.

(Optional) Add Users to Manage SPOC (in Entra)

This section outlines how users who manage and configure the SharePoint Online Connector are added to the application registration in Entra.

This is an optional step and only is required if the ‘Assignment required’ property is set to ‘Yes’ for the enterprise application.

image-20260122-212021.png

Note: These accounts should be administrative users or groups who are responsible for managing the connector and troubleshooting when needed, or users who click the ‘Manage Record’ button in SharePoint

  1. Click the Enterprise Apps tab in the left-hand menu of the Entra Admin Center

  2. Find your SharePoint Online Connector app and select it

  3. Select Users and groups from the Manage menu

  4. Select users or groups who will be administering the SharePoint Online Connector application

A screenshot of a computer AI-generated content may be incorrect.

Step 3: Configure Permissions

Continuing in Entra Portal, this step will configure the permissions required by the application registration.

A screenshot of a computer AI-generated content may be incorrect.

3.1 Add API permissions

  1. Click API permissions under Manage (C)

  2. Click + Add a permission

  3. Select Microsoft Graph

  4. Select Application permissions

3.2 Select required permissions

  1. Search for and add each of these permissions:

  2. Sites.ReadWrite.All

  3. Files.ReadWrite.All

  4. Click the Add permissions button after selecting both options

3.3 Add SharePoint permissions

  1. Click API permissions under Manage

  2. Click + Add a permission

  3. Select SharePoint

  4. Select Application permissions

3.4 Select required permissions

  1. Search for and add each of these permissions:

  2. Sites.FullControl.All

  3. Click Add permissions after selecting.

3.5 Grant admin consent

  1. Click Grant admin consent for [Your Organization]

  2. Click Yes to confirm

  3. Verify: You should see green checkmarks in the Status column for the selected permissions.

A screenshot of a computer AI-generated content may be incorrect.

3.6 Upload certificate

  1. Click Certificates & secrets under Manage

  2. Click the Certificates tab

  3. Click Upload certificate.

  4. In the right panel, click Select a file.

  5. Select the .CER file that was obtained in Step 1.

  6. Click Add.

  7. Verify the Thumbprint, Start date, and Expires.

Security reminders

  • 🔒 Keep your Client Certificate secure - treat it like a password

  • 📅 Set a calendar reminder to renew the certificate before it expires

Need help?

Please contact Morae Support for assistance.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close