JMPer Cable

willmorgan · Apr 9, 2025 02:50 PM

Introduction

The OneDrive and SharePoint Data Connectors add-in is now available for JMP 19 EA6 and beyond. This blog post is intended to provide you with more information about how to get connected to your Microsoft account and access your data using these new data connectors.

If you have not yet done so, visit the JMP Marketplace to find the add-in or download it here. The installation instructions and a brief overview are found on the JMP Marketplace listing. Once you have installed the add-in, go to this page to help you get connected.

In this guide, I will show you:

Authentication options
The authorization server configuration
Troubleshooting tips

The OneDrive and SharePoint Data Connectors rely on an authentication and authorization protocol known as OAuth2, which is what allows you to use your Microsoft account to authenticate and access your data.

Once you are connected to your data, you can import and query your data just like any other data connector. From there, you can utilize all of the functionality that JMP has to offer on your data.

Authorization options

There are two options for authentication with the data connectors:

JMP hosted authorization server
Custom authorization server

See below for more details about connecting with these options.

These options are dependent on the inclusion of the Tenant ID and Client ID parameters.

Option 1: JMP hosted authorization server

This option will be used automatically if you do not include the Tenant ID and Client ID in the connector editor. When connecting, JMP opens the default browser and prompts you to login to your desired Microsoft account. You are then asked to grant access to the SharePoint Data Connector application.

If you do not have access to Azure, such as when using a personal Microsoft account, then this option will be the only one available to you. If you have issues with permissions, contact your IT department to grant access to the app.

Option 2: Authorization server configuration

Note: You will need access to Microsoft Azure with permissions to create applications to create your own Azure authorization app. If you do not have access to Azure, contact your IT department to create the app for you, or to grant you access. This process only needs to be completed once per company (tenant), so if someone at your workplace has already completed this process, you may receive your necessary credentials from the existing application.

If you have attempted to use Option 1 but find it difficult to obtain the required access permissions, then you may set up your own Azure application to grant access to the connector. This option does include some technical details regarding the OAuth2 standard, so I would recommend that you read more about it here before continuing.

For more detailed information about Azure app registration, view the Microsoft documentation here.

Please ensure that after reading these materials that you understand them before continuing.

Now that you have familiarized yourself with OAuth2 and the Microsoft Azure app registration process, here are the important steps to get you connected to your OneDrive or SharePoint data.

After you have registered your app, add a redirect URI to the application for the connector to work properly. You need to add the URI "http://localhost" to the list under Mobile and Desktop Applications. Reference the Configure Platform Settings section of the Microsoft documentation for more information.

Next, add more API permissions to your app. To do this, go to Manage > API permissions in the app portal. Click Add a permission and then search for and add the following API permissions:

Files.ReadWrite
Sites.Read.All
Sites.Selected
User.Read

By doing so, it adds the necessary API permissions so that your app can grant access to your OneDrive and SharePoint files.

Testing connection

To ensure that you have connected properly, select the Test button in the data connector editor. After it opens the browser and prompts for your Microsoft account credentials, it then runs a rudimentary API call against OneDrive or SharePoint to ensure that your connection is sound.

Troubleshooting tips

Microsoft federation can be very strict with access requirements, so you may run into issues getting access to your account through the connector if you are using Option 1. Since the authorization server is hosted by JMP, outside tenants require explicit permission from their IT departments to access the application. If this is the case, request permission from your IT department to grant access to the connector or continue with Option 2 to create your own authorization server.

A note on the browser interaction for logging in: There is a 150-second timeout in place so that JMP will not hang forever in case the browser is closed before the authentication sequence is completed. If you accidentally close the browser, you may either wait 150 seconds for the timeout to expire or close and reopen JMP to try connecting again.

Steffen_Bugge · ‎04-11-2025

WOW! I have been waiting for this for sooo long!

computerhabit

Hello,

I've tried option 2 but if Sites.Read.All is there then Sites.Selected does not restrict access to other sites.

I've made the app, added the permissions in the article. I've restricted the app using PowerShell. Onedrive and other urls appear available.

If I remove Sites.Read.All from the permissions, I get prompted for Consent.

Is there a way to remove Sitese.Read.All and not deal with consent?

willmorgan

@computerhabit Thank you for your comment! If you wish to restrict the level of access that the SharePoint Data Connector will have, then you should only use the Sites.Selected API permission. There is currently no way to bypass the consent for Sites.Selected alone since that requires admin consent and approval for the selected Site collections. I included Sites.Read.All so that the connector can access to all of the Sites that the user has permissions to access. You can read more about the SharePoint Site API permissions here. I hope this helps.

Best,
Will

computerhabit

Hello Will,

Thank you for responding.

Usually when making these apps I would use an App Secret or Certificate for the authentication. The details above never mention.

After entering the TenantID and AppID and connecting there is always an admin consent request. For fun I approved it to see what would happen. It added the permissions for Sites.Read.All and the other permissions highlighted.

It could be an instruction I am getting wrong on how to create the app. Could you advise? I sure would like to restrict this app using scenario 2.

Best regards

willmorgan

@computerhabit Your issue here is most likely that your app is requesting "Application" level API permissions whereas you should request "Delegated" API permissions. Try to change Sites.Selected to "Delegated" and then try again. As long as the API permission is "Delegated" and has been approved, that is what you should need. Please let me know if this works so I can assist further.

Best,
Will

computerhabit

Hello,

I tried the following settings, and it still asks for admin consent.

Best regards

willmorgan

@computerhabit You most likely need to add permissions to your app that let you access the Site collections that you wish to access. Reference this article to view how to add these permissions in PowerShell. Please let me know if this helps.

Best,
Will

computerhabit

Hello Will,

Thank you for your continued support. Here is an example of the applying of the application to the site.

I did give it only read but that seemed appropriate. As you can see below the permission exists.

Best regards

willmorgan

@computerhabit Thank you for that information. Is it asking for consent on the login page when you attempt to connect to the site using the data connector? If so, could I see a screen shot of this page? Thank you.