-
Notifications
You must be signed in to change notification settings - Fork 17
5.3 Login to your tenant & retrieve environment details
In order to sign in to your tenant you must have SPFx Toolkit opened in the context of a SharePoint Framework project. In the account panel you may use the Sign in to Microsoft 365
button to start the process
Alternatively, you may use the >SharePoint Framework Toolkit: Sign in to Microsoft 365
command to do the same
SPFx Toolkit needs and Entra App Registration to be able to sign in to your tenant. You may either use an existing app registration or create a new one with a single click using a dedicated form.
SPFx Toolkit will guide you through the process of creating a new app registration either manually by providing step-by-step guidance or automatically by creating the app registration for you.
Check it out in action 👇
If you already have an Entra App Registration you may use it to sign in to your tenant by providing the Client Id and Tenant Id.
If possible it is recommended to use the automated way to setup the SPFx Toolkit App Registration. Otherwise please follow the manual steps to perform it manually (this is required only one time on each tenant)
- Navigate to the Azure Portal
- Select Microsoft Entra ID from the global menu, select App Registrations in the Microsoft Entra ID blade and then select the New registration action button to open the Register an application form.
- In the form, enter a name for your new application. It's recommended to name this app SPFx Toolkit but you may give it any preferable name
- Leave the
Supported account types
andRedirect URI
values as they are and select theRegister
button at the foot of the form to create your custom application
- Next we need to configure the
Authentication
for our new app. Go to theAuthentication
page and select theAdd a platform
button to open up theConfigure platforms
menu and under theMobile and desktop applications
heading, selectMobile and desktop applications
. This will open another menu calledConfigure Desktop + Devices
displaying a section calledRedirect URIs
and a list of checkboxes with some pre-defined URIs.
- Select the first option in the list,
https://login.microsoftonline.com/common/oauth2/nativeclient
and select theConfigure
button at the foot of the menu.
- we can skip over the
Supported account type
section, as this is defaulted toAccounts in this organizational directory only (tenant only - Single tenant)
meaning, that only users within the current tenant directory can use this application. - In the
Advanced settings
section, we need to enable theAllow public client flows
toggle, as we are using theDevice code flow
method to authenticate to our tenant using the CLI for Microsoft 365.
- To make sure all these changes are applied, select the
Save
button before moving on. - Now that we have configured the application to work with the SPFx Toolkit, we next need to grant the required permissions. Select the
API permissions
in the menu option.
You will see a section called <code>Configured permissions</code> with one permission already granted. This is the default permission which allows the application to sign in the user account used when authenticating to the Microsoft Graph.
Add the following permissions:
- Microsoft Graph:
- AppCatalog.ReadWrite.All
- AuditLog.Read.All
- Directory.AccessAsUser.All
- Directory.ReadWrite.All
- SecurityEvents.Read.All
- ServiceHealth.Read.All
- ServiceMessage.Read.All
- Sites.Read.All
- User.Read
- Azure Active Directory Graph
- Directory.AccessAsUser.All
- Azure Service Management
- user_impersonation
- Office 365 Management APIs:
- ActivityFeed.Read
- ServiceHealth.Read
- SharePoint:
- AllSites.FullControl
- User.ReadWrite.All
- Go to
Overview
page and note down theApplication (client) ID
andDirectory (tenant) ID
- Click on the
Sign in to Microsoft 365
and provide the noted downClient Id
andTenant Id
The extension will retrieve helpful URLs from your tenant like link to:
- SharePoint main site
- SharePoint admin site
- SharePoint web API permission management page
Additionally, the extension will check and retrieve tenant service health incidents that are currently happening in your tenant so that you gain quick insights on your tenant health.
After successful sign in an additional view is presented that shows list of links to app catalogs available on your tenant, both tenant-level and all site-level app catalogs. Additionally, it will show you all tenant-wide extensions installed on your tenant and every app you have on every app catalog along with manage functionalities that will allow you to disable/enebale, remove, revoke, upgrade your solution and many more.
Using the extension settings you may choose show or hide the tenant-wide extensions list and tenant health incidents list.
Sign-in is also required for some actions to work properly like the deploy action which allows you to upload of the .sppkg file to the tenant or site-level App Catalog.
Check out the other resources we have in the what you may find on the wiki section.