Table of Contents

Altus POL Migration SharePoint App

The Altus migration scripts need permissions to an Enterprise/App application in the customer's Azure tenant so that data can be retrieved from SharePoint Online (and Project Online) for all sites.

There are two options:

  1. Grant consent to the Altus-published application, or
  2. Create your own Azure App Registration with the required permissions.

The application requires the following permission:

Setting Value
API Name Office 365 SharePoint Online
Claim Value AllSites.Manage
Permission Read and write items and lists in all site collections
Type Delegated
Granted through Admin Consent
Granted by An administrator

Option 1 — Grant consent to the Altus application

To grant consent to the Altus-published application, open the following link as a Global Administrator and select Accept:

https://login.microsoftonline.com/common/adminconsent?client_id=30b4ad0b-d939-4cd4-bb6d-fa2d39fb4694&redirect_uri=https%3A%2F%2Faltus.pro%2Fcontent%2FConsentSuccess.html

Grant consent Accept dialog

The Altus application uses ClientId 30b4ad0b-d939-4cd4-bb6d-fa2d39fb4694.

Note

The Project Online export script (ExportAllProjects.ps1) uses Microsoft's well-known ClientId d3590ed6-52b3-4102-aeff-aad2292ab01c and does not require this app. The Altus ClientId (or your own from Option 2) is required for ExportLookupTableData.ps1 and Run-Migration.ps1.

Option 2 — Create your own Azure App registration

Use this option if the customer will not consent to the Altus-published application. The Application (client) ID generated during these steps is what you supply to the migration scripts.

Quick summary

  1. Sign in to Azure.
  2. Open Microsoft Entra ID.
  3. Open App registrations > New registration.
  4. Enter a name (e.g. Altus SharePoint Access App).
  5. Choose Single tenant (or multi-tenant if appropriate).
  6. Select Register.
  7. Open Manage > API permissions > Add a permission.
  8. Choose SharePoint > Delegated permissions.
  9. Tick AllSites.Manage > Add permissions.
  10. Select Grant admin consent.
  11. Open Manage > Authentication (Preview) > Add Redirect URI.
  12. Choose Mobile and desktop applications.
  13. Add the redirect URI http://localhost.
  14. Select Configure.
  15. Open Overview and copy the Application (client) ID. This is the value to use in the migration scripts when prompted.

Detailed walkthrough

The screenshots below illustrate each step.

Step 2. Open Microsoft Entra ID.

Open Microsoft Entra ID

Step 3. Open App registrations.

Open App registrations

Step 4. Select New registration.

New registration

Step 5–7. Enter a name, choose the supported account type, and select Register.

Enter name and register

Step 8. Open Manage > API permissions.

API permissions blade

Step 9. Select Add a permission.

Add a permission

Step 10. Choose SharePoint.

Choose SharePoint Online

Step 11. Choose Delegated permissions and tick AllSites.Manage.

Delegated permissions - AllSites.Manage

Step 14. Select Grant admin consent.

Grant admin consent

Step 15–16. Open Authentication and add a Redirect URI.

Authentication blade

Step 17. Choose Mobile and desktop applications.

Mobile and desktop applications

Step 18–19. Enter http://localhost and select Configure.

Redirect URI localhost

Step 20. Open Overview and copy the Application (client) ID.

Application client ID on Overview

Using the ClientID in scripts

Pass the ClientID as a parameter where the scripts expect one. For example:

.\ExportLookupTableData.ps1 -PwaUrl "https://<tenant>.sharepoint.com/sites/<pwa>" -ClientId "<your-client-id>"

See Migration Process for the full list of scripts that accept a ClientID.

Edit this page