Comment on page
Configuration
AddIn Configuration and Permissions
For AddIn Only authentication to work register new addin within your SharePoint Online tenant.
- Navigate to app registration page: https://{organization}.sharepoint.com/sites/{site}/_layouts/15/appregnew.aspx
- Click "Generate" button next to Client Id and Client Secret, fill in Title, App Domain, Redirect URI (you can type in any values you want).

- Copy Client Id and Client Secret and press "Create" button.
- Apply permissions for the app on tenant or site collection level.
https://{organization}-admin.sharepoint.com/_layouts/15/appinv.aspx
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest
Scope="http://sharepoint/content/tenant"
Right="FullControl" />
</AppPermissionRequests>
https://{organization}.sharepoint.com/sites/{site}/_layouts/15/appinv.aspx
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest
Scope="http://sharepoint/content/sitecollection"
Right="FullControl" />
</AppPermissionRequests>
- Resolve addin by Client Id and paste in App's Permissions Request XML:

- Click "Create" and "Trust It".

To check which app principals are assigned for a site collection use:
https://{organization}.sharepoint.com/sites/{site}/_layouts/15/appprincipals.aspx
In new subscriptions you could be needed to enable Grant App Permission. Connect to SharePoint using Windows PowerShell and then run:
set-spotenant -DisableCustomAppAuthentication $false
.Install-Module -Name Microsoft.Online.SharePoint.PowerShell
$adminUPN="<the full email address of a SharePoint administrator account, example: [email protected]>"
$orgName="<name of your Office 365 organization, example: contosotoycompany>"
$userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential
set-spotenant -DisableCustomAppAuthentication $false
Last modified 8mo ago