
07. Migrate SharePoint Credentials from ACS to AAD

 

Azure ACS retirement in Microsoft 365

Azure ACS will stop working for new tenants as of November 1st, 2024, and it will stop working for existing tenants and will be fully retired as of April 2nd, 2026.

Register a new application in Azure AD with PnP PowerShell

The fastest and easiest way to register an Azure AD application to access SharePoint Online in app-only mode is to rely on PowerShell by running the PS1 script.

Note: The user must have Administrator rights to run the script below in PowerShell.

Prerequisites:

1. The PnP.PowerShell module requires PowerShell version 7.2 or higher to run the script below.


Prerequisites:

1. Download and save the PS1 script and the Certificate in your local system.


2. In the PS1 script, replace the Tenant Name with the one used in your SharePoint, and the Username with the account that has Admin rights.
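
A pre-flight check for the prerequisites above, added here as an example (it is not HingePoint's script or part of it): it confirms the PowerShell version, looks for the PnP.PowerShell module, and records the script's SHA-256 hash and the certificate's thumbprint and expiry date so they can be reviewed before the script is run as Administrator. The function name, the file paths and the 30-day warning window are assumptions.

```powershell
# Added example: pre-flight check before running a supplied PS1 script.
# Test-MigrationPrerequisite is a hypothetical helper name.
function Test-MigrationPrerequisite {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        [Parameter(Mandatory)] [string] $CertPath,
        [int] $WarnDays = 30   # assumed warning window; adjust as needed
    )

    # Prerequisite from the article: PowerShell 7.2 or higher.
    $v = $PSVersionTable.PSVersion
    $versionOk = ($v.Major -gt 7) -or ($v.Major -eq 7 -and $v.Minor -ge 2)

    # Newest installed PnP.PowerShell version, if any.
    $pnp = Get-Module -ListAvailable -Name PnP.PowerShell |
        Sort-Object Version -Descending | Select-Object -First 1

    # Hash of the script, to compare with a value confirmed by the sender.
    $hash = (Get-FileHash -Path $ScriptPath -Algorithm SHA256).Hash

    # Read the certificate file without importing it into any store.
    $cert = Get-PfxCertificate -FilePath $CertPath
    $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        PowerShellVersion = $v.ToString()
        VersionOk         = $versionOk
        PnPModuleVersion  = if ($pnp) { $pnp.Version.ToString() } else { $null }
        ScriptSha256      = $hash
        CertSubject       = $cert.Subject
        CertThumbprint    = $cert.Thumbprint
        CertNotAfter      = $cert.NotAfter
        CertDaysLeft      = $daysLeft
        CertExpiringSoon  = $daysLeft -lt $WarnDays
        # True means the file carries a private key and must be stored as a secret.
        CertHasPrivateKey = $cert.HasPrivateKey
    }
}

# Placeholder file names; replace them with the files you saved.
$result = Test-MigrationPrerequisite -ScriptPath '.\<script-name>.ps1' -CertPath '.\<certificate-file>'
$result | Format-List
if (-not $result.VersionOk)        { Write-Warning 'PowerShell 7.2 or higher is required.' }
if (-not $result.PnPModuleVersion) { Write-Warning 'PnP.PowerShell module is not installed.' }
if ($result.CertExpiringSoon)      { Write-Warning 'Certificate expires soon or has already expired.' }
```

After registration, the thumbprint and expiry date reported here can be compared with the certificate entry shown for the new application in the Azure portal.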


Steps to run the PS1 script:

1. Open PowerShell as an Administrator.


2. Change the directory in the PowerShell to the path where you have saved the PS1 script and the Certificate.

3. Once the directory is changed, run the PS1 script.

Note: To run the script, start typing the PS1 script file name, press Tab, and then press Enter. Tab completion automatically fetches the PS1 script file name.

[e.g., type hp (which is the PS1 script file name from the below screenshot), press Tab, and then press Enter.] This fetches the file name and runs the script.


4. In the login prompt, select the user account [the one specified in the PS1 script, which has Admin rights] and enter the password for that user.


5. After logging in, the script will continue to run.


6. The login prompt will be displayed again. Select a user account and enter the password.

7. A Permission Request pop-up will be displayed for the new app.

8. Click on ‘Accept’ on the permissions prompt to grant permissions to create the new app in the Azure portal.


9. The application is successfully registered.


10. The application is created in the Azure portal under App Registrations.


How to check the newly created App in the Azure Active Directory:

1. Log in to the Azure portal with Admin rights.

2. Click on Microsoft Entra ID on the top navigation menu.


3. In the side navigation menu, expand the Manage option and click on ‘App Registrations’.


4. Click on ‘All Applications’ to find the newly generated application.


5. Click on the application name to view the App name, Client ID and Tenant ID.

6. Click on the Certificate Credentials link to view the Certificate ID and Certificate Expiry Date.


How to Edit the Existing SharePoint integration to AAD Credentials:

1. From your HingePoint portal, click on Integrations from the side navigation menu.


2. Select the existing SharePoint Integration with which all the connections are associated [Active, Started, Not Started status connections].


3. The existing SharePoint Integration will display the old credentials [SharePoint Client Key and Client Secret] along with additional fields to edit.


4. Click on the Edit option in the View Integration page.

5. In the Edit Integration page, check the check box to use AAD Credentials.

6. Enter the SharePoint Tenant ID, SharePoint AAD Client ID, SharePoint AAD Certificate ID, SharePoint AAD Certificate Expiry Date from the newly generated Application in the Azure Portal and click on Save button.


7. The existing integration will now be saved with AAD credentials and will start running using SharePoint’s new approach.

How to create a new SharePoint Integration using the new Approach:

1. From our HingePoint portal, click on Integrations from the side navigation menu.

2. Click on Create New button.


3. Enter the SharePoint integration name, select SharePoint from the dropdown for System Type.

4. Check the check box to use AAD credentials.

5. Enter the SharePoint Web URL, SharePoint Tenant ID, SharePoint AAD Client ID, SharePoint AAD Certificate ID, SharePoint AAD Certificate Expiry Date from the newly generated Application in the Azure Active Directory and click on the Save button.


6. We can now create a new connection using this newly created SharePoint integration, start the initial sync, and perform live syncs.

Note: Please reach out to us at dev.team@hingepoint.com for the PS1 script and Certificate, and include your SharePoint Tenant Name and the User ID that has Office 365 admin rights or Azure global or contributor rights.

We will update the PS1 script with your Tenant Name and Username and share it with you.

Please refer to the support articles below:

https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins-modernize/from-acs-to-aad-apps

https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/retirement-announcement-for-azure-acs?source=recommendations