Certificate-based Authentication
When using certificate-based authentication, you must create an App Registration in the organization's Azure Active Directory.
Since the connector will potentially crawl millions of records, please make sure to create a dedicated App Registration for the connector. Sharing the App Registration between the connector and another client may lead to excessive throttling for both clients and poor indexing speed.
Application Permissions
The Azure application must be granted the following SharePoint Application API permission (see the topic below):
- Sites.FullControl.All
  Have full control of all site collections
  Note: This permission is the minimum required as this is the only permission which lets the SharePoint API caller fetch security permissions set on sites.
The Azure application must be granted the following Graph API Application permissions:
- Member.Read.Hidden
  Read all hidden memberships
- GroupMember.Read.All
  Read all groups
- Directory.Read.All
  Read all group memberships
- User.Read.All
  Read all users' full profiles
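One way to confirm that admin consent took effect and that the dedicated App Registration carries nothing beyond the permissions listed above. This is an added example, not code from the connector or its vendor. It assumes the app-only access token for each resource is a JWT that lists the granted application permissions in its `roles` claim; the resource labels, function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Required application permissions, as listed on this page, keyed by a
# hypothetical short resource label chosen for this example.
REQUIRED = {
    "sharepoint": {"Sites.FullControl.All"},
    "graph": {"Member.Read.Hidden", "GroupMember.Read.All",
              "Directory.Read.All", "User.Read.All"},
}


def jwt_claims(token):
    """Decode a JWT payload without verifying the signature (diagnostic use only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(token, resource):
    """Return (missing, extra) permission names for the given resource's token."""
    roles = jwt_claims(token).get("roles", [])
    if isinstance(roles, str):  # tolerate a single role encoded as a string
        roles = [roles]
    granted = set(roles)
    required = REQUIRED[resource]
    return sorted(required - granted), sorted(granted - required)


def make_sample_token(roles):
    """Build an unsigned, constructed token for demonstration; not a real credential."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64({"roles": roles}), "sig"])


if __name__ == "__main__":
    # Constructed samples: a Graph token missing one permission and carrying an extra one.
    graph = make_sample_token(["User.Read.All", "Directory.Read.All",
                               "GroupMember.Read.All", "Mail.Read"])
    sp = make_sample_token(["Sites.FullControl.All"])
    print("graph missing/extra:", audit_roles(graph, "graph"))
    print("sharepoint missing/extra:", audit_roles(sp, "sharepoint"))
```

A non-empty "extra" list usually means the App Registration is shared with another client or was over-provisioned; a non-empty "missing" list usually means admin consent has not been granted for that permission.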
Certificate Requirements
For the following topics you need the signed certificate in PFX and CER formats (created here) as well as the password for the PFX certificate.