Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  1. Navigate to https://<Admin Center>/_layouts/15/AppInv.aspx (e.g.
  2. Paste client ID generated earlier into App Id field. Click Lookup. The existing values for TitleApp Domain and Redirect URL should appear.

  3. Enter the following XML into the App's Permission Request XML field to specify required permissions. Then click Create.


    <AppPermissionRequests AllowAppOnlyPolicy="true">
      <AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="Manage"/>
      <AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="Manage"/>
      <AppPermissionRequest Scope="http://sharepoint/content/sitecollection/web" Right="Manage"/>
      <AppPermissionRequest Scope="http://sharepoint/social/tenant" Right="Manage"/>

  4. You will be prompted to approve permissions for the app. Click Trust It.

  5. You can check the App registration details by navigating to: https://<Admin Center>/_layouts/15/AppPrincipals.aspx
  6. You can test the App credentials by executing the following powershell PowerShell commands to retrieve the list of all available site collections.

    $ Connect-PnPOnline https://<your-tenant> -AppId <your-app-id> -AppSecret <your-app-secret>
    $ Get-PnPTenantSite
Renew App Expired Client Secret ID
  1. Execute the following PowerShell script with the SharePoint Online Global Administrator account in order to retrieve your App client ID. Edit the "CardioLogApp" name. You can check what is your App name by navigating to: https://<Admin Center>/_layouts/15/AppPrincipals.aspx

    Code Block
    $applist = Get-MsolServicePrincipal -all  |Where-Object -FilterScript { ($_.DisplayName -like "*CardioLogApp") }
    foreach ($appentry in $applist) {
        $principalId = $appentry.AppPrincipalId
        $principalName = $appentry.DisplayName
        Get-MsolServicePrincipalCredential -AppPrincipalId $principalId -ReturnKeyValues $false | ? { $_.Type -eq "Password" } | % { "$principalName;"+"`nClient ID: "+"$principalId;"+"`nClient Secret ID: " + $_.KeyId.ToString() +";" + $_.StartDate.ToString() + ";" + $_.EndDate.ToString() } | out-file -FilePath c:\appsec.txt -append
  2. Open the C:\appsec.txt output file and copy the Client ID value:

    Image Added

  3. Execute the following PowerShell script with the SharePoint Online Global Administrator account. Edit the "Client ID" and use the value copied from step 2.

    Code Block
    $clientId = "Client ID"
    $keys = Get-MsolServicePrincipalCredential -AppPrincipalId $clientId
    Remove-MsolServicePrincipalCredential -KeyIds $keys.KeyId -AppPrincipalId $clientId
  4. Execute the following PowerShell script with the SharePoint Online Global Administrator account, in the same PowerShell window, in order to generate a new client secret ID.

    Code Block
    $bytes = New-Object Byte[] 32
    $rand = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $newClientSecret = [System.Convert]::ToBase64String($bytes)
    $dtStart = [System.DateTime]::Now
    $dtEnd = $dtStart.AddYears(1)
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Sign -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Symmetric -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
    New-MsolServicePrincipalCredential -AppPrincipalId $clientId -Type Password -Usage Verify -Value $newClientSecret -StartDate $dtStart -EndDate $dtEnd
  5. Copy the client secret ID and update it in CardioLog configuration settings:

    1. In the Administration section of the Navigation pane, click System Configuration, and then select SharePoint Tree Adaptor.
    2. Click on your SharePoint Online tenant.
    3. Click Set next to the Authentication settings and select the OAuth option
    4. Enter the Client ID (copied from step 2) and renewed client secret ID (generated in step 4) and click Save.

updating multiple
updating multiple
Deploying the CardioLog Tracking Code on Multiple Site Collections