07. Migrate SharePoint Credentials from ACS to AAD
Azure ACS retirement in Microsoft 365
Azure ACS stopped working for new tenants on November 1st, 2024. It will stop working for existing tenants and be fully retired on April 2nd, 2026, so every SharePoint integration that still authenticates with an ACS client ID and client secret must be moved to an Azure AD (Microsoft Entra ID) application before that date.
Register a new application in Azure AD with PnP PowerShell
The fastest and easiest way to register an Azure AD application that accesses SharePoint Online in app-only mode is the PnP PowerShell module, run from the supplied PS1 script.
Note: The user running the script must have administrator rights in the tenant.
Prerequisites:
1. PowerShell version 7.2 or higher: the PnP.PowerShell module does not run on older versions.
2. Download the PS1 script and the certificate and save both in the same folder on your local system.
3. In the PS1 script, replace the tenant name used by your SharePoint tenant and the username of the account that has admin rights.
Steps to run the PS1 script:
1. Open PowerShell as an Administrator.
2. Change the directory in PowerShell to the folder where you saved the PS1 script and the certificate.
3. Once the directory is changed, run the PS1 script.
Note: Type the first characters of the PS1 file name (for example, hp) and press Tab; PowerShell completes the file name for you. Press Enter to run the script.
4. In the login prompt, select the user account specified in the PS1 script (the one with admin rights) and enter its password.
5. After you log in, the script continues to run.
6. You are taken to the login prompt a second time. Select the same user account and enter the password.
7. A permission request pop-up is displayed for the new app.
8. Click 'Accept' on the permissions prompt to grant the permissions and create the new app in the Azure portal.
9. The application is now registered.
10. The application appears in the Azure portal under App registrations.
How to check the newly created App in Azure Active Directory (Microsoft Entra ID):
1. Log in to the Azure portal with Admin rights.
2. Click on Microsoft Entra ID in the top navigation menu.
3. In the side navigation menu, expand Manage and click on 'App registrations'.
4. Click on 'All applications' to find the newly generated application.
5. Click on the application name to view the App name, Client ID and Tenant ID.
6. Click on 'Certificates & secrets' to view the certificate's thumbprint (used as the Certificate ID) and its expiry date. Note the expiry date: the integration stops authenticating once the certificate expires, so plan to renew it before then.
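The registration and verification steps above, as an added PowerShell example. This is not HingePoint's PS1 script (that script is distributed by their team); it shows the same procedure with the PnP.PowerShell cmdlet Register-PnPAzureADApp, then collects the values the integration form asks for (Tenant ID, Client ID, Certificate ID and Certificate Expiry Date) and confirms that app-only sign-in actually works before anything is changed in the portal. The tenant name, site URL, application name, certificate file name and the permission scope are assumptions; replace them with your own values and with the permissions your integration requires.

```powershell
# Added example, not HingePoint's script. Registers an app-only Entra ID application
# for SharePoint Online using an existing certificate, then verifies the four values
# the integration form needs. All values below are assumptions to replace.
#Requires -Version 7.2
#Requires -Modules PnP.PowerShell

$Tenant   = 'contoso.onmicrosoft.com'                  # assumption: your *.onmicrosoft.com tenant name
$SiteUrl  = 'https://contoso.sharepoint.com/sites/hr'  # assumption: a site the integration will sync
$AppName  = 'HingePoint-SharePoint-AppOnly'            # assumption: display name of the registration
$CertPath = Join-Path $PSScriptRoot 'hingepoint.pfx'   # assumption: certificate saved next to the script
$CertPassword = Read-Host -AsSecureString -Prompt 'PFX password (leave empty if none)'

# 1. Inspect the certificate first. Its thumbprint is the Certificate ID the integration
#    asks for, and NotAfter is the expiry date after which app-only sign-in stops working.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath, $CertPassword)
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter); renew it before registering."
}

# 2. Register the application. -Interactive signs you in as the admin, and the second
#    prompt asks for tenant-wide consent to the requested permissions: these are the two
#    login prompts the steps above describe. The permission is an assumption; request
#    only what the integration needs (the narrowest scope that works).
$app = Register-PnPAzureADApp -ApplicationName $AppName -Tenant $Tenant `
    -CertificatePath $CertPath -CertificatePassword $CertPassword `
    -SharePointApplicationPermissions 'Sites.FullControl.All' -Interactive

# The returned object carries the new client ID; the property name differs slightly
# between module versions, so match it instead of hard-coding it.
$clientId = ($app.PSObject.Properties |
             Where-Object { $_.Name -match 'ClientId|AzureAppId' } |
             Select-Object -First 1).Value

# 3. Resolve the tenant GUID from the public OpenID Connect metadata (no sign-in needed):
#    the issuer has the form https://login.microsoftonline.com/<tenant-guid>/v2.0
$oidc = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$Tenant/v2.0/.well-known/openid-configuration"
$tenantId = ([uri]$oidc.issuer).Segments[1].TrimEnd('/')

# 4. Prove app-only access works before editing the integration: connect with the
#    certificate only (no user) and read the site. If this fails immediately after
#    registration, wait a minute for the consent to propagate and run this step again.
Connect-PnPOnline -Url $SiteUrl -ClientId $clientId -Tenant $Tenant `
    -CertificatePath $CertPath -CertificatePassword $CertPassword
$web = Get-PnPWeb
Disconnect-PnPOnline

# 5. The values to enter in the integration form, in the order the form lists them.
[pscustomobject]@{
    'SharePoint Web URL'                    = $SiteUrl
    'SharePoint Tenant ID'                  = $tenantId
    'SharePoint AAD Client ID'              = $clientId
    'SharePoint AAD Certificate ID'         = $cert.Thumbprint
    'SharePoint AAD Certificate Expiry Date' = $cert.NotAfter.ToString('yyyy-MM-dd')
    'App-only connection test'              = "OK (site title: $($web.Title))"
} | Format-List
```

Run it from the folder that holds the PFX file, as the procedure above describes. Step 4 is the check worth keeping: a registration that exists in the portal but has not received consent, or whose certificate does not match, fails here rather than later inside the integration's sync.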
How to edit the existing SharePoint integration to use AAD credentials:
1. From your HingePoint portal, click on Integrations in the side navigation menu.
2. Select the existing SharePoint integration with which all the connections are associated (connections in Active, Started and Not Started status).
3. The existing SharePoint integration displays the old credentials (SharePoint Client Key and Client Secret) along with the additional fields to edit.
4. Click on the Edit option on the View Integration page.
5. On the Edit Integration page, tick the check box to use AAD credentials.
6. Enter the SharePoint Tenant ID, SharePoint AAD Client ID, SharePoint AAD Certificate ID and SharePoint AAD Certificate Expiry Date from the newly generated application in the Azure portal and click on the Save button.
7. The existing integration is now saved with AAD credentials and runs using SharePoint's new app-only approach; the old ACS client key and secret are no longer used.
How to create a new SharePoint integration using the new approach:
1. From your HingePoint portal, click on Integrations in the side navigation menu.
2. Click on the Create New button.
3. Enter the SharePoint integration name and select SharePoint from the System Type dropdown.
4. Tick the check box to use AAD credentials.
5. Enter the SharePoint Web URL, SharePoint Tenant ID, SharePoint AAD Client ID, SharePoint AAD Certificate ID and SharePoint AAD Certificate Expiry Date from the newly generated application in Azure Active Directory and click on the Save button.
6. You can now create a new connection using this SharePoint integration, start the initial sync and perform live syncs.
Note: Please reach out to us at dev.team@hingepoint.com for the PS1 script and certificate, stating your SharePoint tenant name and the user ID that has Office 365 admin rights or Azure Global Administrator or Contributor rights.
We will update the PS1 script with your tenant name and username and share it with you.
Treat the certificate file as a credential: its private key is what authenticates the application, so store it only where the script runs, do not forward it on or commit it to a shared location, and record its expiry date so the certificate can be renewed and the integration updated before it stops authenticating.
Please refer to the following Microsoft article for reference:
https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins-modernize/from-acs-to-aad-apps