Configure SQList to use Azure AD Delegated authentication with SharePoint Online

This form of authentication brings together the advantages of Web Login authentication and Azure AD Application Permissions authentication: it grants access to SharePoint via a user login (therefore only the sites accessible by the user are accessible by SQList) with the additional security of connecting through an application registered in Azure AD.

With this option, SQList will open a pop-up window with the Office 365 login for you to authenticate.

Once you enter your username and password, SQList will store the authentication details for future use.

Important: the authentication details returned by SharePoint with this type of authentication are not permanent: they expire after 90 days, after which the authentication process must be repeated to obtain access for a further 90-day period.

To configure this type of authentication, select the option Azure AD Delegated in the connection details:

The parameters to fill in are:
  • Client ID: the Client ID of the application in Azure AD.
  • Domain: the Azure AD domain.
  • Resource URL: the base URL of the resource (usually the root URL of your SharePoint site).

Follow the steps below to configure SQList to use Azure AD Delegated permissions to authenticate against SharePoint Online.

1) Register the Azure AD application in the Azure Active Directory tenant that is linked to your Office 365 tenant

To do that, open the Office 365 Admin Centre (https://portal.azure.com/#home) using the account of a user who is a member of the Tenant Global Admins group.

Click on the Azure Active Directory option:

From the Overview page, take note of the Azure AD's domain as you will be needing it later on.

From the left-hand menu, select the option App registrations:

Click the New registration button in the left-hand menu. Next, provide a name for your application, select Accounts in this organisational directory only, and click the Register button.

Now click on API permissions in the left menu bar, and click on the Add a permission button.

From the choice of applications, select SharePoint:

Next, select Delegated Permissions and grant access to Sites.Read.All:

Note: it is possible to grant permissions to specific site collections only, by selecting the option "Sites.Selected" in Azure AD Application Permissions (see further below); this option requires additional manual configuration via POST requests to specific endpoints, using scripting or third-party tools. For more details see this article:

Now click on Authentication in the left menu bar, and click on Add a platform.

From the Configure platforms popup, choose Mobile and Desktop applications.

In the Configure Desktop + devices dialog, select the URL https://login.microsoftonline.com/common/oauth2/nativeclient, then click Configure at the bottom.

Lastly, select the Overview option and keep this page handy as you will need to copy and paste the Client ID later on.
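To confirm that a registration still matches step 1 (single tenant, one native-client redirect URI, delegated permissions only), the following added example audits the application object exported as JSON. It is not part of SQList or of the original article; it assumes the object follows the Microsoft Graph application schema (for instance the output of `az ad app show`), the function name `audit_registration` is hypothetical, and the two sample objects are constructed.

```python
SHAREPOINT_APP_ID = "00000003-0000-0ff1-ce00-000000000000"  # Office 365 SharePoint Online
NATIVE_REDIRECT = "https://login.microsoftonline.com/common/oauth2/nativeclient"

def audit_registration(app):
    """Return findings where an app registration deviates from step 1 above."""
    findings = []
    # "Accounts in this organisational directory only" is stored as AzureADMyOrg.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("sign-in audience is not single-tenant")
    # Step 1 adds one redirect URI, under Mobile and Desktop applications.
    public = (app.get("publicClient") or {}).get("redirectUris") or []
    if NATIVE_REDIRECT not in public:
        findings.append("native client redirect URI missing")
    extra = [u for u in public if u != NATIVE_REDIRECT]
    for platform in ("web", "spa"):
        extra += (app.get(platform) or {}).get("redirectUris") or []
    if extra:
        findings.append("unexpected redirect URIs: " + ", ".join(sorted(extra)))
    # Step 1 never creates a client secret or certificate.
    if app.get("passwordCredentials") or app.get("keyCredentials"):
        findings.append("client secret or certificate present")
    # Delegated permissions have type "Scope"; application permissions have "Role".
    sharepoint_delegated = False
    for res in app.get("requiredResourceAccess") or []:
        for access in res.get("resourceAccess") or []:
            if access.get("type") == "Role":
                findings.append(f"application permission {access.get('id')} on API {res.get('resourceAppId')}")
            elif res.get("resourceAppId") == SHAREPOINT_APP_ID:
                sharepoint_delegated = True
    if not sharepoint_delegated:
        findings.append("no delegated SharePoint permission requested")
    return findings

AS_DOCUMENTED = {  # constructed sample; the permission id is a placeholder
    "signInAudience": "AzureADMyOrg",
    "publicClient": {"redirectUris": [NATIVE_REDIRECT]},
    "requiredResourceAccess": [{"resourceAppId": SHAREPOINT_APP_ID,
        "resourceAccess": [{"id": "PLACEHOLDER-DELEGATED-ID", "type": "Scope"}]}],
}
DRIFTED = {  # constructed sample of a registration changed after setup
    "signInAudience": "AzureADMultipleOrgs",
    "publicClient": {"redirectUris": [NATIVE_REDIRECT, "http://localhost"]},
    "passwordCredentials": [{"displayName": "constructed"}],
    "requiredResourceAccess": [{"resourceAppId": SHAREPOINT_APP_ID,
        "resourceAccess": [{"id": "PLACEHOLDER-APP-ONLY-ID", "type": "Role"}]}],
}

if __name__ == "__main__":
    print(audit_registration(AS_DOCUMENTED), audit_registration(DRIFTED), sep="\n")
```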

2) Configure the connection in SQList Manager

Open SQList Manager, select SharePoint Connections, then New SharePoint connection.

In the Connection details section, select Azure AD Delegated and fill in the following fields:

  • Client ID: copy and paste the Client ID from the application's Overview (see above);
  • Domain: enter the Azure AD's domain (see top of the article);
  • Resource URL: enter the resource URL of your SharePoint site.

Click the Test Connection button to ensure the connection is successful.

For further details about this type of authentication see this article: