AvePoint Learn
Request an article
Contact support
Request an article
Contact support
English

Home > Get Started > Create an App Profile

Download this article

Create an App Profile

To connect your tenant with AvePoint Portal Manager using the app profile authentication method, refer to the following sections.

Create an App Profile in Modern Mode

Follow the steps below to create an app profile in modern mode:

  1. Navigate to Management > App management in AvePoint Online Services interface.

  2. Click Create.

  3. In the Select services step, select a tenant and select AvePoint Portal Manager. Then, click Next.

  4. In the Choose setup method step, select Modern mode, and click Next.

  5. In the Consent to apps step, click Consent next to the apps you need.

    • AvePoint Portal Manager – Authorizes the general functionality of AvePoint Portal Manager.

      NOTE

      A Microsoft 365 Global Administrator or Teams Administrator account who is in the same tenant is required to consent to the app. For more details on this requirement, refer to Why is Admin Consent Required to Use the AvePoint Apps?.

    • AvePoint Portal Manager for Room-Terminal Interface View –Authorizes the use of room-terminal interface view if your organization is using the conference room reservation apps.

      NOTE

      This app can be consented with either the Microsoft 365 Global Administrator account or a user account of your tenant. Before proceeding with user consent, configure the user consent setting first to Allow user consent for apps from verified publishers, for selected permissions (Recommended) following steps in Configure how users consent to applications.

  6. When you finish the consent, you can click Finish to exit the Create app profile wizard.

NOTE

  • For permissions required by each service app, check the lists in AvePoint Portal Manager.

  • In some cases, you need to re-authorize the app profile to keep your service uninterrupted. See Re-authorize an App Profile for scenarios and instruction on re-authorizing an app profile.

Create an App Profile in Custom Mode

You can connect your tenant with AvePoint Portal Manager using either an Azure app profile with delegated permissions or Azure app profile.

Before creating a custom app profile, make sure that an Azure app with the required permissions is already available in Microsoft Entra ID. For details, refer to Create a Custom Azure App.

NOTE

After connecting AvePoint Portal Manager with your Microsoft 365 tenant, make sure you add app@sharepoint to the Term Store Administrators group in the SharePoint Online admin center. For more information, refer to Appendix C - How to Add an Account to the Term Store Administrators Group

Refer to the following steps to create an Azure app profile with delegated permissions:

  1. Navigate to Management > App management in AvePoint Online Services interface.

  2. Click Create.

  3. In the Select services step, select a tenant and select AvePoint Portal Manager. Then, click Next.

  4. In the Choose setup method step, select Custom mode, and click Next.

  5. In the Consent to apps step, select the custom app type:

    • Azure app – We do not recommend this method for new customers. This is the default app for migrating existing AvePoint Portal Manager customers to AvePoint Online Services.

    • Azure app with delegated permissions

  6. Complete the following information:

    • App profile name – Enter a name for the profile.

    • Application ID – Enter the application ID of the application that has been created in Azure by referring to Create a Custom Azure App.

    • Certificate file (.pfx) – Click Browse and select your app’s private certificate (the .pfx file).

      NOTE

      Ensure this .pfx file is paired with the .cer/.crt file uploaded to Microsoft Entra ID when your organization creates the custom app. If your organization does not have any certificates, you can create self-signed certificates by referring to Appendix D - How to Prepare Certificates for the Custom Azure App.

    • Certificate password – Enter the password of the certificate.

    • Impersonation name – Enter the username of a user in your Microsoft 365 tenant. The user will be used to identify your Microsoft 365 tenant ID.

      NOTE

      This is only required for Azure apps.

  7. If you are creating an Azure app, click Finish to complete your configurations.

    If you are creating an Azure app with delegated permissions, click Consent. Choose a consent method between Global Administrator consent or User consent, and then, click Continue to consent to complete your consent.

    NOTE

    If you choose User consent, the consent user requires the Teams Administrator role. This ensures templates built by AvePoint Portal Manager can be deployed to Microsoft Teams.

Create a Custom Azure App

Refer to the following steps to create an Azure AD app with the required permissions:

  1. Create an Azure AD app. This app is used for connecting AvePoint Portal Manager with your Microsoft 365 tenant.

    1. In Azure Portal, navigate to Microsoft Entra ID > App registrations.

    2. Click New registration on the ribbon.

    3. On the Register an application page, configure the application settings.

    4. Click Register to create your app.

    5. After the app is successfully created, copy the application ID. The application ID is the client ID that will be used later.

  2. Upload a public certificate to the Azure AD app.

    1. Click Certificates & secrets in the left menu.

    2. Click Upload certificate to upload a public certificate file. You can upload a certificate file (.cer, .pem, or .crt).

      For detailed information on preparing the certificate file, refer to Appendix D - How to Prepare Certificates for the Custom Azure App.

  3. Grant required permissions to the Azure AD app.

    1. Click API permissions in the left menu.

    2. Click Add a permission. In the Request API permissions pane, select the following permissions:

      • Microsoft Graph > Application permissions

        • Application.Read.All

        • Calendars.ReadWrite

        • Group.Read.All

        • Organization.Read.All

        • Team.Create

        • TeamMember.ReadWrite.All

        • TeamsTab.ReadWriteForTeam.All

        • User.Read.All

        • DelegatedPermissionGrant.ReadWrite.All

          NOTE

          This is only required if your tenant has only custom Azure app configured.

        • AppCatalog.Read.All

          NOTE

          This is only required if your tenant has only custom Azure app configured.

        • Group.Create

          NOTE

          This is only required if your tenant has only custom Azure app configured.

        • GroupMember.ReadWrite.All

          NOTE

          This is only required if your tenant has only custom Azure app configured.

        • Place.Read.All

        • Group.ReadWrite.All

        • Sites.FullControl.All

          NOTE

          This is only required if you use the Teams app builder workflow settings.

      • Microsoft Graph > Delegated permission

        • AppCatalog.ReadWrite.All

          NOTE

          This permission is only required if you connect your tenant with AvePoint Portal Manager with a custom Azure app profile with delegated permissions.

      • SharePoint > Application permissions

        • Sites.FullControl.All

        • TermStore.ReadWrite.All

        • User.Read.All

          *Note: This is only required if you use the Calling Insights app.

    3. Click Add permissions to add the permissions.

    4. Click Grant admin consent for [Tenant name], and then click Yes in the confirmation window to grant consent for the requested permissions.