AddIn Configuration and Permissions

For AddIn Only authentication to work, register a new addin within your SharePoint Online tenant.

  • Navigate to the app registration page: https://{organization}.sharepoint.com/{site}/_layouts/15/appregnew.aspx

  • Click the "Generate" button next to Client Id and Client Secret, then fill in Title, App Domain and Redirect URI (you can type in any values you want).

  • Copy the Client Id and Client Secret and press the "Create" button.

  • Apply permissions for the app at tenant or site collection level.

Tenant scoped permissions


<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>

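Site collection scoped permissions


<AppPermissionRequests AllowAppOnlyPolicy="true">
    <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>

  • Resolve the addin by Client Id and paste in the App's Permission Request XML (tenant or site collection scoped, as above).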

  • Click "Create" and "Trust It".
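An added example, not part of the original page or of any project it describes: a Python check that reviews a Permission Request XML before it is pasted and trusted, and rates the grant it asks for, with app-only FullControl on the whole tenant as the broadest case. The function names and severity labels are this example's own assumptions, and only the content scopes are covered.

```python
import xml.etree.ElementTree as ET

PREFIX = "http://sharepoint/content/"
# Content scopes and rights of the SharePoint add-in model, narrow to broad.
SCOPES = ("sitecollection/web/list", "sitecollection/web", "sitecollection", "tenant")
RIGHTS = ("Read", "Write", "Manage", "FullControl")


def local(tag):
    """Drop an XML namespace prefix, if the pasted XML carries one."""
    return tag.rsplit("}", 1)[-1]


def review(xml_text):
    """Return (severity, message) findings for a Permission Request XML."""
    root = ET.fromstring(xml_text)
    if local(root.tag) != "AppPermissionRequests":
        return [("ERROR", "root element must be AppPermissionRequests")]
    # App-only: calls are authorized by Client Id + Client Secret, no user.
    app_only = root.get("AllowAppOnlyPolicy", "false").lower() == "true"
    mode = "app-only" if app_only else "user+app"
    requests = [e for e in root if local(e.tag) == "AppPermissionRequest"]
    if not requests:
        return [("ERROR", "no AppPermissionRequest element")]
    findings = []
    for req in requests:
        scope, right = req.get("Scope", ""), req.get("Right", "")
        short = scope[len(PREFIX):] if scope.startswith(PREFIX) else None
        if short not in SCOPES or right not in RIGHTS:
            findings.append(("UNKNOWN", f"not covered by this check: {scope} {right}"))
        elif right == "FullControl" and short == "tenant" and app_only:
            findings.append(("HIGH", f"{mode} FullControl on tenant"))
        elif right == "FullControl":
            findings.append(("MEDIUM", f"{mode} FullControl on {short}"))
        else:
            findings.append(("OK", f"{mode} {right} on {short}"))
    return findings

# Constructed sample inputs (not taken from a real tenant).
TENANT_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>"""
LIST_XML = """<AppPermissionRequests AllowAppOnlyPolicy="true">
  <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web/list" Right="Read" />
</AppPermissionRequests>"""

if __name__ == "__main__":
    for severity, message in review(TENANT_XML) + review(LIST_XML):
        print(f"{severity}: {message}")
```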

To check which app principals are assigned for a site collection use:


Disabled by default

In new subscriptions you may need to enable Grant App Permission. Connect to SharePoint using Windows PowerShell and then run:

set-spotenant -DisableCustomAppAuthentication $false

Install-Module -Name Microsoft.Online.SharePoint.PowerShell  
$adminUPN="<the full email address of a SharePoint administrator account, example:>"  
$orgName="<name of your Office 365 organization, example: contosotoycompany>"  
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."  
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential  
set-spotenant -DisableCustomAppAuthentication $false  
