This guide explains how to create a secure Microsoft SharePoint integration for IRIS using a self-signed certificate and Microsoft Entra ID (Azure AD).
Prerequisites
You will need:
- Global Administrator or SharePoint Administrator access
- Access to Microsoft Entra ID / Azure Portal
- PowerShell installed on Windows
Step 1 — Create a Self-Signed Certificate
Open PowerShell as Administrator.
Run the following script:
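```powershell
$certName = "IRIS-SharePoint-App"

# Prompt for the PFX password so it is not stored in the script
$certPassword = Read-Host "Enter password for PFX file" -AsSecureString

# Create an RSA 2048-bit, SHA256 signing certificate valid for 2 years
$cert = New-SelfSignedCertificate `
    -Subject "CN=$certName" `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -KeyLength 2048 `
    -KeyAlgorithm RSA `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(2)

# Export the public certificate only (.cer)
Export-Certificate `
    -Cert $cert `
    -FilePath ".\$certName.cer"

# Export the certificate with its private key (.pfx), protected by the password
Export-PfxCertificate `
    -Cert $cert `
    -FilePath ".\$certName.pfx" `
    -Password $certPassword
```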
This creates two files:
- IRIS-SharePoint-App.cer
- IRIS-SharePoint-App.pfx
Important
- The `.cer` file will be uploaded to Microsoft Entra ID
- The `.pfx` file must be securely shared with IRIS
- Store the password safely
Step 2 — Create an App Registration
Open:
Azure Portal → Microsoft Entra ID → App registrations
Click:
New registration
Use the following settings:
| Setting | Value |
|---|---|
| Name | IRIS SharePoint Integration |
| Supported account types | Single tenant |
| Redirect URI | Leave empty |
Click:
Register
Step 3 — Copy Tenant and Application IDs
After registration, copy the following values:
- Application (client) ID
- Directory (tenant) ID
These will later be provided to IRIS.
Step 4 — Upload the Certificate
Open:
Certificates & secrets → Certificates
Click:
Upload certificate
Upload the file:
IRIS-SharePoint-App.cer
After upload, optionally copy the certificate thumbprint.
Step 5 — Add SharePoint Permissions
Open:
API permissions → Add a permission
Choose:
SharePoint → Application permissions
Recommended permissions:
- Full access: Sites.FullControl.All
- Limited access: Sites.ReadWrite.All
After selecting permissions:
Grant admin consent
Administrator approval is required.
Step 6 — Send Information to IRIS
Please securely provide the following information to IRIS:
| Information | Example |
|---|---|
| SharePoint Tenant URL | https://company.sharepoint.com |
| SharePoint Site URL | https://company.sharepoint.com/sites/example |
| Tenant ID | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
| Client ID | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
| Certificate Thumbprint | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx |
| PFX File | IRIS-SharePoint-App.pfx |
| PFX Password | Send separately |
Security Recommendations
- Never send the `.pfx` file and password in the same email
- Use a secure file transfer method
- Rotate certificates before expiration
- Recommended certificate validity: 1–2 years
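A check to run before uploading the `.cer` and sending the `.pfx`, and again when planning rotation: it confirms both files carry the same certificate, that the PFX includes the private key, and reports the thumbprint and days until expiry. This is an added example, not part of the IRIS or Microsoft tooling; the 60-day warning threshold in `$warnDays` is an assumption.

```powershell
# Added example: sanity-check the Step 1 files before upload and handoff.
$certName = "IRIS-SharePoint-App"   # name used in Step 1
$warnDays = 60                      # assumed rotation lead time; adjust to your policy

$pfxPassword = Read-Host "Enter password for PFX file" -AsSecureString

# .NET resolves relative paths against the process directory, not the
# PowerShell location, so resolve both files to full paths first.
$cerPath = (Resolve-Path ".\$certName.cer").Path
$pfxPath = (Resolve-Path ".\$certName.pfx").Path

# .cer: public certificate only (uploaded to Entra ID)
$cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
# .pfx: certificate plus private key (shared with IRIS); fails here if the password is wrong
$pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $pfxPassword)

$rsa      = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cer)
$daysLeft = [math]::Floor(($cer.NotAfter - (Get-Date)).TotalDays)

$problems = @()
if (-not $pfx.HasPrivateKey) {
    $problems += ".pfx has no private key; it cannot be used for app-only authentication"
}
if ($cer.Thumbprint -ne $pfx.Thumbprint) {
    $problems += ".cer and .pfx hold different certificates; re-export both from the same `$cert"
}
if ($rsa.KeySize -lt 2048) {
    $problems += "RSA key is $($rsa.KeySize) bits; Step 1 specifies 2048"
}
# 1.2.840.113549.1.1.11 is the OID for sha256WithRSAEncryption
if ($cer.SignatureAlgorithm.Value -ne "1.2.840.113549.1.1.11") {
    $problems += "certificate is not signed with SHA256/RSA"
}
if ($daysLeft -lt $warnDays) {
    $problems += "certificate expires in $daysLeft days; rotate before expiration"
}

$report = [pscustomobject]@{
    Thumbprint = $cer.Thumbprint    # value for the Step 6 table
    NotAfter   = $cer.NotAfter
    DaysLeft   = $daysLeft
    Problems   = $problems
}

# Release the key material loaded from the PFX
$pfx.Dispose(); $cer.Dispose()
$report | Format-List
```

An empty `Problems` list means the pair is consistent; the reported thumbprint should match the one shown in Certificates & secrets after Step 4.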
Microsoft Recommendation
Microsoft recommends using modern Microsoft Entra ID app-only authentication instead of legacy SharePoint Add-ins.
Reference: