Skip SharePoint Login from PowerShell to SharePoint Online
A PowerShell with SharePoint tutorial
Once a PowerShell script has been created, it can - and should! -
be reused in multiple sites. That way, PowerShell makes
SharePoint management efficient and less prone to errors.
When you work with PowerShell this way, it is convenient
to skip the SharePoint Online authentication. This is possible
if you have a certificate on your computer that allows SharePoint
modifications. In the demo below, Peter Kalmström shows
how to create such a certificate and get it registered.
Note that the registration and permission-granting parts of
the process must be performed by someone who has access
to the Microsoft Entra admin center. Everyone involved should
also be aware of the security risks involved in skipping
the authentication.
The certificate consists of two files: a .pfx file and a .cer file.
The .cer file only has the public key, while the .pfx has
both the public and the private key for the certificate.
The first step is to create a folder for the certificate
files on your computer. Peter gives it the name Cert. After
that, the process continues in VS Code and Microsoft Entra.
VS Code
The certificate files are created in VS Code, with a cmdlet.
In VS Code, enter the cmdlet New-PnPAzureCertificate.
Add the parameter CommonName and any name that you
make up. Peter uses the name kPnP.
Add the parameter OutPfx to say where the .pfx file
should be stored, and give the path to your certificate
folder.
Add the parameter OutCert to say where the .cer
file should be stored, and give the path to your certificate
folder.
Run the script line to create the files. Do NOT
clear the Terminal when it fills up with certificate
data, because you will need the Thumbprint from it later.
Microsoft Entra
When the certificate files have been created, the certificate
must be registered in Microsoft Entra.
In Entra > Applications > App registrations > New
Registration, enter the CommonName you gave the certificate
and click on Register. A new page will open.
Open the API permissions from the left menu and
click on + Add a permission.
Click on the SharePoint tile to give the certificate
permission to modify SharePoint.
Select the suitable permission levels and click
on Add permissions.
Click on Grant permission and then on Yes in the
dialog that opens.
Open Certificates & secrets from the left menu.
Under the Certificates tab, upload the .cer file
from your computer.
Local Certificate Folder
The .pfx file needs to be installed into the Certificate
Store on the computer you are running the scripts from.
Right-click on the file, select Install PFX and make the
choices you prefer.
VS Code
Now it is time to connect to SharePoint with the new certificate.
In the certificate output in the VS Code Terminal,
find the Thumbprint and copy it.
Create a Connect-PnPOnline command like this: Connect-PnPOnline
+ URL to the SharePoint site + the Application Client
ID of the app registered for the certificate (which you
can find in Entra) + the Thumbprint + the Tenant.
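The two VS Code parts of the procedure as a script, added here as an example and not taken from Peter's demo. The function names, the C:\Cert path and the bracketed URL, client ID and tenant values are placeholders; the .pfx password and the checks before connecting are assumptions that go beyond the steps above.

```powershell
# Added example; function names, C:\Cert and all <bracketed> values are placeholders.
function New-SkipLoginCertificate {
    param([string] $CommonName = 'kPnP', [string] $CertDir = 'C:\Cert')
    New-Item -ItemType Directory -Path $CertDir -Force | Out-Null
    # Assumption beyond the page: protect the private key in the .pfx with a password.
    $password = Read-Host -Prompt 'Password for the .pfx file' -AsSecureString
    $cert = New-PnPAzureCertificate -CommonName $CommonName `
        -OutPfx  (Join-Path $CertDir "$CommonName.pfx") `
        -OutCert (Join-Path $CertDir "$CommonName.cer") `
        -CertificatePassword $password
    # Return the thumbprint so it does not have to be copied from the Terminal.
    $cert.Thumbprint
}

function Connect-WithCertificate {
    param(
        [Parameter(Mandatory)] [string] $Url,
        [Parameter(Mandatory)] [string] $ClientId,
        [Parameter(Mandatory)] [string] $Tenant,
        [Parameter(Mandatory)] [string] $Thumbprint
    )
    # Look for the installed certificate in the personal stores of the user and the machine.
    $installed = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
    if (-not $installed) {
        throw "Certificate $Thumbprint is not installed on this computer."
    }
    if (-not $installed.HasPrivateKey) {
        throw 'Only the public key is installed; install the .pfx file, not the .cer file.'
    }
    if ($installed.NotAfter -lt (Get-Date)) {
        throw "Certificate expired on $($installed.NotAfter)."
    }
    Connect-PnPOnline -Url $Url -ClientId $ClientId -Tenant $Tenant -Thumbprint $Thumbprint
}

# Usage, with the Entra registration and the .pfx installation done between the two calls:
#   $thumbprint = New-SkipLoginCertificate
#   Connect-WithCertificate -Url 'https://<tenant>.sharepoint.com/sites/<site>' `
#       -ClientId '<application-client-id>' -Tenant '<tenant>.onmicrosoft.com' `
#       -Thumbprint $thumbprint
```

Anyone who can read the .pfx file and its password can connect with the permissions granted to the app, so keep the certificate folder out of shared or synced locations.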
In the next article, we will see how apps can be created and
removed with PowerShell code. Later we will expand this
code to make it possible to create multiple apps with
different names in just one script run.