Addin-only Authentication
Addin-only authentication works by registering SPGo as an authenticated Addin that is allowed to make changes to your SharePoint site. This is a common workaround for accessing a SharePont site which has been secured with 2FA. that does not yet support Multi-Factor authentication.
When prompted for credentials, you will need to provide the clientId
, clientSecret
, and (optionally) the realm
value for your Tenant. All of these values are defined when you go through the process of registering SPGo as an Addin on your SharePoint Site.
Additional Configuration
To specify Addin-only authentication, set the authenticationType
property to AddinOnly
in your spgo.json
file, or by selecting the “Addin-only” option when configuring your local environment with the SPGO> Configure Workspace
command.
Registering SPGo as an Addin on your SharePoint Site
To manage your SharePoint site using SPGo with Addin-only authentication, you will need to register SPGo as an addin for a specific Site and then apply permissions for the Addin. You can apply permissions for the Addin at the Site scope, or the Tenant scope to tightly control access.
Registering SPGo as an Addin
To register SPGo for your Site, navigate here: <path-to-site>/_layouts/15/appregnew.aspx
(e.g. https://tenant.sharepoint.com/sites/site/_layouts/15/appregnew.aspx
)
Applying Permissions
- To apply permissions at a global level, navigate to:
https://[organizaiton]-admin.sharepoint.com/_layouts/15/appinv.aspx
- To apply permissions at a Site level, navigation to:
<path-to-site>/_layouts/15/appinv.aspx
_note: the permission request xml is different for Global vs. Site registration
Global Permission XML
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
SiteCollection Permission XML
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
Web Permission XML
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="FullControl" />
</AppPermissionRequests>
Detailed instructions
You can see a detailed configuration walkthough here on the node-sp-auth library documentation.