Have you ever thought about adding an App Registration into a SharePoint group? Is it even possible? Well, I guess I’m not writing a blog post to say “No, it’s not possible” 😅
So yes, it’s possible. But we need to think outside the box. Today we’ll use Power Automate to add the App Registration to a SharePoint group, so let’s get started!
Why?
You may ask why we would need to add an app registration to SharePoint. It depends on the logic of your scenario, especially the permissions you give to your App Registration. An example could be where your App Registration is part of a larger process and only needs specific access when it reaches SharePoint in your automation.
App Registration
There are plenty of resources available for you to create an app registration, but just know there’s nothing special about it for our scenario. So go ahead, and create one for your own needs.
The Trick
While we’re in Entra ID, this is where the “trick” happens 😉 We need to add our App Registration to a Security Group.
Navigate to All groups (left navigation), and click on New group at the top. Fill in the necessary information and click Create.
I’ve created a security group called AppRegsSG. Click on your group > Members > and then Add members.

When the blade opens:
- Search for your App Reg
- Tick the box for your App Reg
- Click on Select

The App Reg is now a member of the security group.
Now go to the Overview page of this group, and grab the Object ID. This is what we’ll need in our flow to add this security group to the desired SharePoint group 🙂

Power Automate
Now’s the time to switch to Power Automate and add our security group to a SharePoint group. The important thing I’d like to show you here is the syntax.
To add the security group, we’ll use the Send an HTTP request to SharePoint action with the sitegroups endpoint.
The App Reg cannot be added the same way we’d add a user. The flow will fail.

SharePoint supports security groups, so it will work, but the syntax for the LoginName is different compared to a user.

Here’s the syntax:
{
"__metadata": { "type": "SP.User" },
"LoginName": "c:0t.c|tenant|<Security_Group_Object_ID>"
}
Once the flow has run successfully, the security group is added to the desired SharePoint group 👍
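As an added example (not part of the original post), these PowerShell helpers build the request body shown above from a validated Object ID, and pick the security-group claims out of a SharePoint group's member login names when you review who has access. The function names, the sample login names and the GUID are constructed for illustration.

```powershell
# Added example: function names and sample values are constructed, not from the post.
$GuidPattern = '[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

function New-SecurityGroupClaim {
    param([Parameter(Mandatory)][string]$ObjectId)
    # Accept only a plain GUID so the resulting LoginName is always well-formed.
    if ($ObjectId -notmatch ('^' + $GuidPattern + '$')) {
        throw "Not a valid Object ID: '$ObjectId'"
    }
    "c:0t.c|tenant|$ObjectId"
}

function New-AddToGroupBody {
    param([Parameter(Mandatory)][string]$ObjectId)
    # Same JSON shape as the body used in the flow.
    [ordered]@{
        '__metadata' = @{ type = 'SP.User' }
        LoginName    = New-SecurityGroupClaim -ObjectId $ObjectId
    } | ConvertTo-Json -Compress
}

function Get-SecurityGroupClaim {
    # Input: LoginName values of the members of a SharePoint group.
    param([Parameter(Mandatory)][string[]]$LoginName)
    $pattern = '^c:0t\.c\|tenant\|(' + $GuidPattern + ')$'
    foreach ($name in $LoginName) {
        if ($name -match $pattern) {
            [pscustomobject]@{ LoginName = $name; ObjectId = $Matches[1] }
        }
    }
}

# Constructed sample data.
$groupObjectId = '11111111-2222-3333-4444-555555555555'
$members = @(
    'i:0#.f|membership|alex@contoso.example',
    "c:0t.c|tenant|$groupObjectId"
)

New-AddToGroupBody -ObjectId $groupObjectId

# Passing the group's display name instead of its Object ID is rejected.
try { New-AddToGroupBody -ObjectId 'AppRegsSG' }
catch { "Rejected: $($_.Exception.Message)" }

Get-SecurityGroupClaim -LoginName $members | Format-Table -AutoSize
```

Each ObjectId returned is a security group whose membership lives in Entra ID, so an App Registration inside it holds the SharePoint group's permissions without appearing by name in the SharePoint group itself.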


Does it work?
To show that it works, let’s use PnP PowerShell. One of the permissions for Site Members is the ability to create Lists. So let’s try that.

As you can see in the above screenshot, I’m connecting with the $clientId (which is the same GUID as some screenshots further up), and I can indeed create a list.
Thanks for reading! 🙂